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UBS SNAGS ENRON'S ONLINE ASSETS 


But faces challenge of 
winning back customers 


BY MICHAEL MEEHAN 
As scandal continued to sur- 
round Enron Corp. last week, 
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UBS Warburg quietly snatched 


up the IT infrastructure of the 
energy giant’s online gas and 
power trading operation, for 
no money down. 

The deal could turn out to be 


| acoup for UBS, since many ex- 


| 
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In a recession, IT managers have to be high- 
ly focused on the bottom line as they deploy 


wide-area networking technologies. Some 


are finding that they can meet their WAN needs, while 


keeping costs down, with new options such as voice over 


IP and metropolitan-area networks. 
Special Report begins on page 31. 


Besides the wealth of material in our pages, check out the online resources and feature stories in our 
Knowledge Center on Enterprise Networking: www.computerworid.com/q?k1200 
= VPNs offer an affordable, safe way to connect dispersed networks. 
.O.1 ye = How tosecurea telecommuter's office with firewalls and routers. 
| nke a Thecity of Chicago is planning a huge metropolitan-area network. 


perts considered the trading 


operations to be the keystone 


| in Enron’s one-time position as 
the seventh-largest company | 


in the U.S. But UBS faces sev- 


| eral challenges in its bid to re- 


turn EnronOnline to glory, in- 
cluding persuading 


back to the online exchange. 
UBS plans to hire many of 


| the 800 people now employed 


in Enron’s trading operation 


and is eyeing IT staff in partic- | 
spokesman | 


ular, said UBS 

David Walker. 
“Traders are very important, 
but equally so are the tech per- 
sonnel who will be needed to 
Enron, page 65 


energy | 
| traders to bring their business 





FEDS’ CONFUSION 


GREETS AIRLINES 


Agencies waffle o on eve 
of security deadline 


| BY JENNIFER DISABATINO 


Two days before the Jan. 18 
deadline for U.S. 
comply with new 
screening regulations, the fed- 
eral government appeared to 
be in a state of utter confusion 
about exactly what it was re- 
quiring. 

On Jan. 16, U.S. Department 
of Transportation Secretary 


| ger. 


airlines to | 
baggage | 





| Norman Mineta gave a speech 


in which he indicated that each 


| bag loaded onto an originating 
| flight 


would have to be 
matched to an onboard passen- 
That’s a vastly stricter 
guideline than what the 
lines had been preparing for: 
using bag matching as just one 
option in multifaceted screen- 
ing plans. 

In some cases, particularly 
in airline hubs, bag matching 
relies upon laser scanners, 
wireless devices and passenger 
databases. To implement that 
for every passenger, even 
where the technology existed, 
would have been extremely 
Airlines, page 16 


air- 








INTRODUCING THE FASTEST STORAGE SOFTWARE .ON EARTH. 


BrightStor” Enterprise Backup 


What good is storage software if it isn’t fast enough to back up all of your critical information? 
BrightStor Enterprise Backup sets a new standard for high-speed storage software, which means a 
you don’t have to pick and choose what data to protect. So if you're looking for the best storage 


solution for UNIX, Windows NT, and Windows 2000, you just found it Computer Associates™ 


ca.com/brightstor 





More hospitals run their “life-or-death” applications 
on Caché than on any other database system. 

With reliability like this - demonstrated by the world’s 
most critical applications — you should consider Caché 
for your applications. 


The speed and scalability of Caché are superior to the 
leading relational database products, even though it 
runs on much less expensive hardware and requires 
far less database administration. 


Caché uniquely combines robust object and relational 
technologies, coupled to a multidimensionai data 
engine. Plus, it includes a rapid Web application 
development environment. 


Caché is backed by 24x7 support from InterSystems - 
a leader in high performance databases for 23 years, 
with 4,000,000 users* worldwide in healthcare, 
financial services and other industries. 
InterSystems » 
Ee. CACHE 
Coe 


Make Applications Faster 


Download Caché for free or request it on CD at www.I|nterSystems.com 


* InterSystems’ database technology is used by Ameritrade, Hitachi, Johns Hopkins, Kennedy Space Center 
Pepsi Cola, Prudential Insurance Co., Shell, U.S. Army, World Bank and other successful enterprises 


espective vendors.43 2 
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6 The outlook for many ASPs may 
be bleak, given the recent Chapter 
ll filings by market leaders, but 
users say they haven't lost faith. 


7 Government agencies are 
obtaining personal information 
on individuals from databases that 
critics say aren’t being properly 
regulated. 


8 A spectrum allocation proposal 
by Nextel Communications has 
private wireless users such as 
FedEx fuming. 


10 Most Wall Street IT managers 
say they haven’t even begun prepa- 
rations to meet straight-through 
trade processing requirements. 


12 CEOs of large retailers are 
telling their IT departments to 
hold off on new spending. 


OPINIONS 

Patricia Keefe 26 
Pimm Fox 26 
Dan Gillmor 27 
Frank Hayes 66 
Letters 

How to Contact CW 64 
Company Index 64 
Shark Tank 66 


Gone With the WINS 

DNS has taken the reins from the 
Windows Internet Naming Service 
(WINS) as the preferred name ser- 
vice in Windows 2000. But what 
do you do if you already have a 
Unix domain name service? 
www.computerworld.com/ 
community/os 


Packet Traffic Cop 

This week’s Emerging Companies 
feature looks at NetReality, whose 
technology aims to optimize avail- 
able wide-area network bandwidth 
by giving priority to critical appli- 
cation packets. 
www.computerworld.com/q?26296 


For breaking news, 
«x updated twice daily, visit 
Computerworld.com 


www.computerworld.com/q?q4009 
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31 Cost-Conscious Nets 


You’re an IT manager, not an ac- 

countant, but saving money on 

your network could save your job 
in these tough economic times. This special report 
offers ways to cut costs — from taking a close look 
at telecom bills to spot waste to renegotiating net- 
working contracts for better deals. 


32 The Story So Far A quick tour of the background 
behind wide-area networking technologies — and how 
we got to where we are today. 


36 Voice Over IP: It’s Ready! VoIP systems have been 
around since 1998, but most companies have been skep- 
tical of call quality and network administration. Now 
that quality has improved, users see VOIP as a way to 
save. 

ONLINE: A software upgrade to its existing PBX enables 
Lego Systems to test voice over IP without disrupting 
its existing phone system. www.computerworld.com/q?264N1 


38 Dow Blazes VOIP Trail Dow Chemical’s new 
50,000-user integrated IP voice/data network is a 
pioneering effort that other companies may try for 
themselves. 


ONLINE: Officials at Dow Chemical @ 

and EDS share the lessons they K \ 
learned while deploying Dow’s glob- (AA 

al VOIP network. VN 4 


www.computerworld.com/q?26032 


40 Cost-Cutters Here’s a way to 

save money: Instead of letting em- 

ployees strike their own deals for 

cell phones and rate plans, negotiate a 
master contract for everyone. That’s just 
one of many practical tips industry experts 
offer for cutting wide-area networking costs. 


42 Kevin Fogarty says voice is too vital to put on the 
Internet without proper precautions. 


44 MAN on the Run During the past few years, some 
enterprises have turned away from leased lines or frame 
relay and adopted metropolitan-area networks (MAN) 
te connect multiple facilities within the same city. 
ONLINE: Chicago’s $30 million-plus telecommunications 
budget provides incentives for building a metropolitan- 
area network. www.computerworld.com/q?26410 


46 QuickStudy: Learn al! about optical networking. 


48 Inspecting the Net Users say monitoring and man- 
agement products that watch for application bottle- 
necks are worth every penny. 


50 Remote Access Hassles 
Large companies are turning 
to outsourcers to handle the 
chores of providing Net ac- 
cess to global road warriors 
and domestic telecommuters. 


52 Beyond Passwords When 

it comes to network user authen- 

tication, passwords aren’t the only 

game in town; the smart card, token 

and biometrics markets are heating up. 

ONLINE: Read about the Holy Grail of authentication: 
directory services that store user account information 
such as passwords and biometrics 
www.computerworld.com/q?26022 


54 Safe and Secure Employers have been making net- 
work security an IT priority in the past year. That 
trend and an insufficient supply of skilled pro- 


fessionals are making network security IT’s 
next hot job market. 
4 ONLINE: For more on the GIAC and CISSP 


certifications that employers look for in net- 
work security personnel, visit us online. 
www.computerworld.com/q?26056 


55 Nicholas Petreley lays down his own law to 
match those of illustrious predecessors Gordon 
Moore and Robert Metcalfe. 
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TAMING THE VPN 


Solid but expensive virtual pri- 

vate network products abound, 

but an enterprise VPN is still 

tricky to manage. Have you con- 

sidered outsourcing? 
www.computerworld.com/ 
4q?26377 


SECURING THE OFFICES 
OF TELECOMMUTERS 


Home offices pose big IT security 
challenges. Personal firewalls and 
routers for small offices can de- 
liver remote management capa- 
bilities and improved security. 


www.computerworld.com/q?26378 


VPNs DELIVER THE GOODS 


The Internet revolution brought a 
simpler, less expensive option for 
interconnecting LANs. A careful- 
ly planned VPN offers an afford- 
able, safe way to connect dis- 
persed networks. 
www.computerworld.com/q?26293 








Ei Lilly Settles FTC 
Privacy Charges 


Eli Lilly & Co. agreed to settle priva- 
cy-related charges brought by the 
Federal Trade Commission (FTC) 
after the indianapolis-based drug 
maker inadvertently divulged the 
e-mail addresses of about 600 
Prozac users last summer because 
of a programming error. As part of 
the deal, the FTC said, Eli Lilly will 
implement a more stringent infor- 
mation-security program. The com- 
pany won't have to pay any fines. 


Sun Reports Big Loss, 
Drop-off in Sales 


Sun Microsystems Inc. reported a 
$431 million loss for its second 
quarter ended Dec. 30, as revenue 
plunged 39% from $5.1 billion in 
the same period a year earlier to 
$3.1 billion. But Michael Lehman, 
Sun’s chief financial officer, said 
the company is “showing signs of 
progress” and hopes to return to 
profitability in its fourth quarter, 
which ends in June. 


IBM, Nextel Team on 
Mobile Applications 


IBM and Reston, Va.-based wireless 
service provider Nextel Communi- 
cations Inc. said they plan to jointly 
develop mobile e-business applica- 
tions aimed at corporate users in 
the U.S. Nextel also agreed to out- 
source management of its customer 
service operations and systems to a 
team led by IBM in a deal valued at 
$1.2 billion over eight years. 


Short Takes 


DELL COMPUTER CORP. increased 
the business forecast for its fourth 
quarter ending Feb. 1, saying rev- 
enue will likely total about $8 bil- 
lion. That’s up from an earlier pro- 
jection of $7.6 billion. . . . Framing- 
ham, Mass.-based IDC and San 
Jose-based DATAQUEST INC. both 
said PC shipments dropped about 
5% on a worldwide basis last year. 





| when it comes to outsourcing 
| applications in the face of 
| the financial troubles plaguing 


| viders (ASP). 
Md.-based USinternetworking 


| ASP to ask for Chapter ll bank- 
ruptcy protection after a string 


| ing ASPs during the past 12 
| months have prompted some | 
| analysts to question the long- 
| term viability of the ASP model. 


| BY MARC L. SONGINI 
| AND JORIS EVERS 
| AMSTERDAM 


| the company is modifying the 
| way it prices its business appli- 
| cations by implementing flat 


‘NEWS 


sers: ASP Benefits 
Still Worth the Risk 


But financial problem 
providers make 


| 


BY JAIKUMAR VIJAYAN 
EEP THE FAITH. 
But have a Plan B, 
just in case. That’s 
the advice from 
users and analysts 


major application service pro- 
Two weeks ago, Annapolis, 
Inc. (USi) became the latest 


of poor quarters. USi’s troubles 
and those of several other lead- 





But ASP users say the bene- 


Details lacking on 
new flat-fee plan 


Oracle Corp. CEO Larry Elli- 
son last week disclosed that 


per-user fees for power and ca- 
sual users. But the full ramifi- 
cations of the pricing change 
remained unclear. 

Ellison said at the European 
version of Oracle’s AppsWorld 
conference that the new fees 
are an attempt to simplify the 
pricing of its E-Business Suite 
lli applications. License fees 
for the full suite will be $4,000 
per power user and $400 per 


s at service 


backup plans critical 


fits of using outsourced appli- 
cations continue to be signifi- 
cant. Yet, even staunch sup- 
porters protect themselves 
through good contracts and 
strategies designed to keep 
their applications alive if their 
ASP suddenly isn’t. 

Take human resources con- 
sultancy Watson Wyatt World- 
wide, for instance. Nine 
months ago, the Washington- 
based company outsourced its 
e-mail services to USi. Despite 
the ASP’s financial woes, ser- 
vice hasn’t been disrupted so 
far, said David Hollingsworth, 
director of support operations 
at Watson Wyatt. 

“Application availability has 


been way higher than what we | 


have achieved 
Hollingsworth 


could 


selves,” said, 


Oracle Revamps App Pricing; 


Oracle’s previous approach, | 
with separate prices for appli- | 


cation modules, “was very 
complicated,” Ellison said. “We 
had all these complex matrix- 
es.” He said the new fees are 
“the complete price list for 


| everything you want.” 


The change is similar to the 


database pricing with flat per- | 
processor fees that Oracle im- | 
plemented last year. But Ora- | 
cle couldn't provide full details | 
| on how the new pricing will | 
work, saying more information | 
would be available “shortly.” A | 


key unknown is how Oracle 


will define what separates a ca- 


sual user from a power one. 
Hal Kuff, systems and net- 
work manager at Tessco Tech- 


nologies Inc., said the new | 
pricing might make it feasible | 


for the Hunt Valley, Md.-based 
wireless technology vendor to 





casual user, he said. 


expand its internal usage of 


| 
our- 


ASP Advantages 


An October 2001 study of 
53 businesses that used ASPs 
found that: 


experienced a return on in- 
vestment greater than 100%, 
and 12% reported ROI of 

_ more than 1,000%. 


> » The average payback for 

= an outsourced application 
was 1.33 years on an 
average total investment of 


$4.2 million. 


» The average initial invest- 
= ment was $399,000. 


SHAM. MA 


RAMIN! 


adding that software costs 
have become more predictable 
and easier to manage. 

Even so, the company isn’t 
taking any chances. Watson 
Wyatt has made sure to in- 
clude “pretty strong language” 
in its contract with USi that 





mpact Unclear 


Oracle’s applications. 
Kuff said he welcomes the 


recognition that customers 

such as Tessco have a mix of 

users, some of whom require 

full application functionality 

and others with “inquiry-only 
| and light transaction” needs. 
But he said he’s “anxious to re- 
ceive clarification on what 
exactly a casual user is.” 

Oracle previously made sim- 


for some application modules. 
For example, the store on the 
company’s Web site lists “user” 
and “read-only user” prices for 
its financial applications. 

But Katherine Jones, an ana- 


lyst at Aberdeen Group Inc. | 


| in Boston, said an individual 
end user could qualify as a 
power user of one module and 
a casual user of others. She 
added that companies may 
prefer to continue negotiating 


> 44% of the organizations 
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spells out how quickly it needs 
to get its data back in the event 
that USi isn’t able to continue 
its services, Hollingsworth said. 

Servers that are identical to 
the ones USi uses to host Wat- 
son Wyatt’s e-mail services are 
ready and waiting at a network 
co-location site. If something 
goes wrong at USi, Hollings- 
worth estimates that it would 
take less than a day to resume 
e-mail services at the backup 
facility. The cost of the mirror 
facility was built into the out- 
sourcing budget, he said. 

“Just because you are out- 
sourcing something doesn’t 
relieve you of the responsibili- 
ty of managing it,” he said. 

Mitchell Dickerman, CIO 
at Boston-based advertising 
agency Hill, Holliday, Con- 
nors, Cosmopulos Inc. has 
another approach. When his 
company hired Lexington, 
Mass.-based ASP Surebridge 
Inc. to run its PeopleSoft mod- 
ules in 1999, the agency made 
sure that it owned the servers. 

“Our boxes are down the 
street from us. If our service 
provider went down, we’d just 
walk across and take the boxes 
back home,” Dickerman said. D 


site licensing with Oracle. 

“It looks like one of Larry’s 
shot-from-the-hip pronounce- 
ments,” said Joshua Green- 
baum, an analyst at Enterprise 
Applications Consulting in 
Daly City, Calif. But the fees do 
appear to bring Oracle’s prices 
within range of what rival SAP 
AG charges, he added. 

Jeremy Young, president of 
the Oracle Applications Users 
Group in Atlanta, said the pric- 
ing model “sounds very inter- 
esting.” But users will need to 


compare the new prices with 
ilar distinctions in the pricing | 


what they were paying for the 
software under Oracle’s old li- 


| censing approach, said Young, 


who is a business process man- 
ager at Brussels-based DHL 
Worldwide Network NV.D 


Evers is a correspondent for the 
IDG News Service. 


Quick 
[Tmke www.computerworld. 
com/q?26550 and 


www.computerworld.com/q?26554 


For more on Apps- 
World, please visit 
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Unregulated Databases Hold Personal Data 


Lawsuit seeks details on government use 


BY JENNIFER DISABATINO 
In the 2000 presidential elec- 
tion, Florida disqualified thou- 
sands of voters because a com- 
puterized database search 
identified them as felons who 
were ineligible to participate 
in the election. 
Many those 
weren't, in fact, felons. They 
had been charged with misde- 
meanor crimes and should 
have been eligible to vote. 
After following the govern- 
ment investigation of the elec- 


of voters 


tion that uncovered these er- | 


rors, Chris Hoofnagle, an attor- 
ney for the Electronic Privacy 
Information Center (EPIC) in 
Washington, began to look into 
profiling agencies. Last week, 
he filed a lawsuit seeking to re- 
lease information involving 
the purchase of data on indi- 
viduals by U.S. government 
agencies from companies that 
sell personal data. 

The ultimate goal is to have 
these companies regulated so 
that citizens have the right and 
ability to monitor and correct 


their profiles in these databas- | 


es, Hoofnagle said. 

DBT Online Inc. provided 
the database against which 
Florida checked its voter regis- 
tration rolls to remove ineligi- 
ble voters. Boca Raton, Fla.- 
based DBT was purchased by 
Alpharetta, Ga.-based Choice- 
Point Asset Co. before the 
election but after the voter 
checks, according to Choice- 
Point spokesman James E. Lee. 

Lee acknowledged the prob- 
lem and said he’s even in favor 
of regulation because of the 
potential for misuse. “It’s not 


about the availability of the in- | 


formation, it’s about the use,” 
he said. 

DBT employees told Florida 
officials they would get pre- 
cisely the types of incorrect re- 
sults DBT did with the kind of 
query they ran, said Lee. 

“Florida knew and said ‘OK,’ 
because supervisors would 
[manually] double-check [the 


| query results]. But that never 
| happened,” Lee said. By law, 
county commissioners are re- 
quired to do those checks. 

ChoicePoint maintains data- 
bases of public records, such as 
court documents and property 
records, which 7,500 law en- 
forcement agencies across the 
U.S. use to help in their investi- 
gations. Private businesses, 
such as insurance companies, 
also use them to conduct fraud 
mitigation and background 
| checks, Lee said 

Because information is often 
incorrect in the source docu- 
ments, Lee said, it would be 
appropriate for regulation like 
the Fair Credit Reporting Act. 
That law lets individuals 


Changes may 
require upgrades 


BY PATRICK THIBODEAU 
WASHINGTON 

A move in Congress to stan- 
| dardized driver’s licenses with 


data, has promising but poten- 
tially costly implications for 
businesses that want to swipe 
licenses through readers to au- 
thenticate customer identity 
for everything from airline 
ticket purchases to conve- 
nience store beer sales. 

Although a growing number 
of states are encoding ma- 
| chine-readable information on 

driver’s the states 
| aren’t all using similar stan- 
dards or technologies, and that 
creates problems for business- 
es such as Clark Retail Enter- 
prises Inc., an Oak Brook, III.- 
based operator of more than 
1,330 convenience stores. 





licenses, 


encoded, machine-readable | 








| Calif.-based 


review their credit reports and 
submit requests for changes. 


ChoicePoint, however, isn’t 


| regulated by the act. 


EPIC said it filed a suit un- 
der the Freedom of Informa- 


| tion Act after it had been de- 


nied information about gov- 
ernment contracts with private 


| profiling companies. 


EPIC singled out Choice- 
Point and Experian Informa- 
tion Solutions Inc., an Orange, 
subsidiary of 
Manchester, England-based 
GUS PLC, that maintains and 
sells information on USS. citi- 
zens, including credit informa- 
tion, property records, state 
motor vehicle records, and 
marriage and divorce data. 

Although Experian is regu- 
lated under the Fair Credit Re- 


| porting Act, citizens may still 
| not be aware that the govern- 


Businesses Decry Plan for 
r's Licenses 


“It just costs more when you 
have multiple standards,” said 
| Pat Enright, Clark’s IS director. 


| 


Bia meer a 
| Clark isn’t checking licenses 


electronically because of these 
technology issues. But Enright 
said he would like to have that 
ability, explaining that it would 
help enforce product age laws 
and create an audit trail. 

Since Sept. ll, Congress has 
sought to improve the security 
of driver’s licenses by estab- 


. AT A GLANCE 


| The Goals 


The group representing motor 


| vehicle departments wants 
changes in the security of 


driver’s licenses. 


| STANDARDIZATION: Create a uniform 


} secure and in 


perable license. 
gerprints 


DATABASE: Establish a means for motor 
vehicle departments to run national checks 





ment is using that data, Hoof- 


| nagle said. Among the agen- 


cies purchasing the data are | 


the FBI, U.S. Drug Enforce- 


| ment Agency, U.S. Marshals 
Service, Internal Revenue Ser- 


vice, U.S. Immigration and 


Naturalization Service and the 


| Bureau of Alcohol, Tobacco 


and Firearms, EPIC said. 


The U.S. Department of the | 


Treasury didn’t respond to re- 


U.S. Department of Justice said 
it wasn’t sure if it had been 
served with the lawsuit as of 
press time last week. 


| quests for information, and the | 


“Through the mining of pub- | 
lic records and the purchase of 


credit reporting data, private- 
sector companies are amassing 


| troves of personal information 


on citizens for the govern- 
ment,” said EPIC’s Hoofnagle. 
“Serious questions exist in 
volving citizen access to pro- 
files, their accuracy and the 
potential for misuse of person- 


| alinformation.” D 


lishing a national means for 


| checking them and by provid- 
| ing an irrefutable unique iden- 
| tifier, such as a biometric, of 
| the bearer. 


| Need for Standards 


However, initial work to- 


| ward a standard has met resis- 


tance. Business trade groups 
are embroiled in a dispute with 
the Arlington, Va.-based 


| American Association of Mo- 
| tor 
| (AAMVA), 
| licensing standards for state 


Administrators 
which develops 


Vehicle 


motor vehicle agencies. 


Business groups say the 


| AAMVA has set a magnetic 
| stripe specification that isn’t 


compatible with the readers 
that businesses use to check 


| credit and debit cards. 


“Our needs have been ig- 


| nored,” said John Hervey, chief 


technology officer at the Na- 


| tional Association of Conve- 


nience Stores in Alexandria, Va. 
“(The AAMVA] didn’t believe 


| they had to satisfy anybody’s 


needs other than their own.” 
According to Hervey, the 
130,000 stores run by members 
of his group would need $60 
million in equipment upgrades 


| to meet the specification. 


Keeping Tabs 


A partial list of the databases | 
that ChoicePoint maintains: 


»>Claims and public record data | 
> Marketing information services | 
> Vehicle information 

> Credit records 

> Pre-employment screening 

> Background checks 

> Criminal reports 

> Drug screening and testing 

> Negligent hiring and retention 


> Health care fraud and abuse 


Gene Kathol, vice president 


| of research and development 


| some 


at Greenwood, Colo.-based 
First Data Corp., which pro- 
vides payment services at 
2.6 million merchant 
locations, said the AAMVA 
specification would let motor 
vehicle departments store 
some driver’s license data on 
the part of the magnetic stripe 
that the industry has all but 
stopped using — Track 3. This 


| is a read/write track that busi- 


nesses say can be easily rewrit- 
ten by criminals. Readers in 


| use aren’t compatible with it. 


AAMVA said the data that 
retailers seek can be gleaned 


| off tracks 1 and 2, and data off 


Track 3, which includes height 
and weight, isn’t needed to es- 
tablish identification. 

Retail groups and businesses 


| disagree and say the use of 


Track 3 would be a mistake. 
“We have diligently worked 
hard over the last 30 years to 
get away from it. Why on earth 


| would we want to go back that 


| 
| 


way?” said Kathol. B 


. Adding more data to 
Ci driver's licenses won't 
I Ink be easy. Read more 
on our Web site: 


| www.computerworid.com/q?26532 
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extel Spectrum Plan 
Riles Wireless Users 


Realignment proposal could derail secure 
wireless bag-match system at top 15 airports 


BY BOB BREWIN 
EDEX CORP. could in- 
cur expenses of $100 
million to reconfig- 
ure the wireless sys- 
tem that supports its 

mobile package-tracking sys- 

tems under a spec- 
trum reallocation 
proposal developed 
by Nextel Commu- 
nications Inc. And 
the shipper is just 
one of many business and in- 
dustrial wireless system users 


who will be slapped with high | 
costs if the proposal success- | 
the | 
Washington regulatory rounds, | 
Industrial | 
Telecommunications Associa- | 
tion (ITA), an industry group | 
| systems used by “critical infra- 
The Nextel proposal is de- | 
signed to ensure interference- | 
free spectrum for police and | 
fire communications and could | mn 
| Strong Opposition 
Communications | 
| posal would be “an unmitigat- 


fully makes it through 


the 


according to 


that opposes the measure. 


soon be formally considered by 

the Federal 

Commission. 
If approved by the FCC, the 


plan would reconfigure the | 
800-MHz spectrum band to re- | 
800- | 
MHz band consists of inter- | 
leaved channels carrying data | 
from users such as Memphis- | 
based FedEx, police and fire | 
departments and Nextel, which | 


duce interference. The 


operates a cellular-like radio 
network in the band, making 
interference inevitable. 


Nextel, a Reston, Va.-based 
company that’s majority owned 
by cellular phone billionaire 
Craig McCaw, proposed solving 
these problems by moving pri- 
vate wireless operations to 
other bands, clearing the 800- 
MHz band for itself 
and public safety 
agencies. 

The FCC could 
carve out an interfer- 
ence-free slice of the 
band for public safety users as 
early as this summer, accord- 
ing to industry sources. At the 
same time, the National Tele- 
communications and Informa- 
tion Administration is expect- 
ed to release a report within a 
matter of weeks outlining the 
importance of private wireless 


structure” industries such as 
FedEx, ARINC Inc., utilities 
and railroads. 


The ITA said the Nextel pro- 


ed disaster for America’s indus- 
trial, transportation and utility 
sectors.” An ITA letter to the 
FCC added that the Nextel 
plan could disrupt “mission- 
critical communications and 
impose billions of dollars of 
costs on American businesses 
to relocate operational com- 
munications systems that are 


| not causing any interference to 


public safety operations.” 


Nextel 800-MHz Band Reconfiguration Plan| 


> Would provide public safety agencies with contiguous and 
interference-free blocks of spectrum at 806 to 816 MHz and 


851 to 861 MHz 


> Would provide Nextel with contiguous spectrum at 821 to 824 MHz 


and 866 to 869 MHz 


> Would shift most industrial, transportation, utility and railway 


private wireless users to either 700- or 900-MHz bands 


JRCES: NEXTEL WHITE PAPER. ITA, A 


N OF AMERICAN RAILR 


ADS AND ARINC 


| 


ae 





The proposal could also de- 
rail plans by Annapolis, Md.- 
based ARINC, a leading air-to- 
ground communications com- 
pany, to field a highly secure 
wireless system to support 
critical airline operations, in- 
cluding bag-matching systems 
at the top 15 USS. airports, ac- 
cording to Kris Hutchinson, 
the company’s senior director 
of frequency management. 
Hutchinson estimated that the 
Nextel plan could cost his 
company $160 million if AR- 
INC has to shift frequencies 





and buy new voice and data 
digital wireless equipment. 
Nextel suggested to the FCC 
that it move private wireless. 
users to the 700- or 900-MHz 
bands. But Hutchinson said he 
doesn’t know of any manufac- 
turer of digital radios in those 
bands that are capable of meet- 
ing ARINC’s requirements. 
The Nextel proposal has sol- 
id backing from a wide range 
of public safety communica- 
tions organizations, including 
the Association of Public-Safety 
Communications Officials In- 
ternational Inc. in Daytona 
Beach, Fla., and police and 
fire chiefs associations. The 
public safety agencies would 
have to shift some spectrum 
assignments, but Nextel said it 
would provide $500 million 
to fund the change, though 
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the company hasn’t provided 
funding to reallocate the pri- 
vate wireless systems. 

The private wireless users 
sharply question the Nextel 
approach. “[{Interference] is a 
problem that Nextel created 
but wants to solve at everyone 
else’s expense,” Hutchinson 
said. 

Laura Smith, president of 
the ITA, said public safety 
agencies “need to have access 
to interference-free spectrum” 
but the FCC needs to develop a 
band plan that will accommo- 
date all users. 

Larry Krevor, vice president 
of government affairs at Nex- 
tel, said interference “is just 
not a Nextel problem,” adding 
that the company’s planned 
band plan would “accommo- 
date all users.” D 





Rare deployment 
for high-value 
B2C transactions 


BY JAIKUMAR VIJAYAN 
Mortgage vendor Quicken 
Loans Inc. is deploying what 


| may be the first electronic sig- 


nature network for high-value 
business-to-consumer transac- 
tions. 

Starting this spring, the 
Livonia, Mich.-based company 
will let loan seekers use elec- 
tronic signatures to complete 
and submit mortgage applica- 
tions immediately after being 
preapproved online, without 
requiring the usual paperwork 
and ink signatures. 

Unlike emerging efforts to 
implement electronic signa- 
tures in other consumer set- 
tings, Quicken’s loan process 
won't require consumers to 
use private keys, download 
digital certificates or use spe- 


cialized signing software to au- 


thenticate themselves. 

Instead, the company will 
combine information provided 
by the consumer during the 
loan application process with a 
unique user name and infor- 





or Signs On to E-Signatures 


AT A GLANCE 
Cybersigning 
The important distinction 
between digital signatures 
and electronic signatures: 
DIGITAL SIGNATURE: A cryptographic al- 


gorithm that secures and verifies the origin 
and integrity of digitally stored data. 


ELECTRONIC SIGNATURE: A legal con- 
cept defined by the E-Sign law as a sound, 
symbol or process that's permanently at- 
tached to a legal record in such a way that it 
demonstrates a person's intent to sign 


ILANIS TECHNOLOGY INC. , MONTREAL 


mation such as details of an 
auto loan to authenticate users. 
“We are trying to make ap- 
plying for mortgages as easy as 
applying for a credit card,” said 
Kevin McCallum, the Quicken 
systems architect in charge of 
the electronic signature imple- 
mentation. Quicken is a wholly 
owned subsidiary of Mountain 
View, Calif.-based Intuit Inc. 
Quicken’s effort shows that 
some corporations may finally 
be working through the techni- 


| cal, regulatory and legal con- 


cerns related to the use of elec- 
tronic signatures in high-value 
consumer transactions, said 
Avivah Litan, an analyst at 
Stamford, Conn.-based Gart- 





ner Inc. “As far as I know, 
Quicken Loans is the first ap- 
plication to implement e-signa- 
tures in high-value B2C trans- 
actions,” she said. 

Though the E-Sign law was 
passed in 2000, adoption of 
electronic signatures has been 
slow because of uncertainty 


| surrounding technology stan- 


dards, authentication methods 

and federal and state consumer 

protection requirements. 
Quicken is depending on a 


| server-based electronic signa- 


ture software package called 
Approvelt from Montreal- 
based Silanis Technology Inc. 
to address these issues. 
Approvelt captures, time- 
stamps and records what the 
borrower sees, clicks on, agrees 
to and electronically signs. The 
information is securely bound 
to the final digital loan docu- 
ments as proof that the borrow- 
er’s intent was captured in ac- 
cordance with all applicable 
regulations, said Tommy Petro- 
giannis, president of Silanis. 
However, there is no telling 
how such electronically signed 
documents might fare if chal- 
lenged in court, said McCal- 
lum. “Right now, it is hard to 
say because there is no case 
precedent,” he said. D 
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AT&T, Accenture Ink 
$2.68 Services Deal 


AT&T Corp. handed off responsibili- 
ty for managing new technology de- 
velopment at its long-distance sales 
and customer service operations to 
Hamilton, Bermuda-based Accen- 
ture Ltd. in a five-year deal valued 
at $2.6 billion. The companies said 
Accenture will lead the rollout of in- 
teractive voice response, Web and 
customer relationship management 
technologies at the AT&T unit. 


Morgan Stanley Cuts 


IT Jobs, Projects 


New York-based financial services 
firm Morgan Stanley Dean Witter & 


NEWS 


Straight" Through ‘Trade 
Processing Pressures IT 


Lack of standardization i is s holding up 
compliance, conference attendees say | 


| BY LUCAS MEARIAN 
NEW YORK 


| Street conference on straight- 


ORE THAN half 
of the IT and 
business man- 
agers who at- 
tended a Wall 


| through trade processing last 
| week said they haven’t begun 
| upgrading their organizations’ 


| IT infrastructure and business | 
rules in order to reach straight- | 
| through processing goals. 


Co. said it laid off 120 IT workers as | 


part of a cost-cutting program that 
includes the postponement or can- 
cellation of unspecified technology 
projects. About two-thirds of the 
affected employees worked in North 
America, said Morgan Stanley, 
which wouldn’t release further 
details on the cutbacks. 


Exodus Asset Sale 


Approved by Judge 


AU.S. Bankruptcy Court judge in 


Delaware approved Exodus Commu- 


nications Inc.’s plan to sell most of 
its Web hosting assets to London- 
based Cable & Wireless PLC. The 
sale of U.S. operations covered by 
the deal is expected to be complet- 
ed late this month or early next 
month, said Santa Clara, Calif.- 
based Exodus. The agreement in- 
cludes Exodus’ customer contracts. 


Short Takes 


The Washington-based FEDERAL 
COMPUTER INCIDENT RESPONSE 
CENTER said it received 89 reports 
of root-level system compromises 
from U.S. government agencies and 
departments last year, down from 
155 in 2000. . . . HEWLETT- 
PACKARD CO. said it plans to out- 
source more of its PC manufactur- 
ing in order to cut operating costs. 


| 
| 
| 
| 
| 
| 
| 
| 
| 
| 


The target date to meet 
those requirements is. still 
more than three years away be- 
cause it was postponed by two 


years following the Sept. 1] at- | 
tacks. It’s expected to take at | 
least a year for firms to amend | 
their business rules, integrate | 


their systems and adopt stan- 
dards to meet the stricter 
terms and time constraints for 
clearing and settling financial 
transactions within 
window, experts say. 


The Trade-Matching Dance 


NEW YORK 

The deployment of so-called virtu- 

al trade-matching utilities would be 
key to speeding trade settlements. 

A virtual trade-matching utility 
is software that would use a virtual 
private network to verify all as- 
pects of a trade and ensure that 
all parties agree on the terms. 

The Global Straight Through 
Processing Association (GSTPA), 
an industry consortium, and Om- 
geo LLC, which is jointly owned by 
the Depository Trust & Clearing 
Corp. and Boston-based Thom- 
son Financial, are finishing work 
on trade-matching utilities for 
real-time, post-trade processing. 
The GSTPA expects its trade- 
matching systems to go live by 
June, while Omgeo expects to be 
working on its system over the 
next two to three years. 

However, even when those 
trading platforms are ready to go 
live, individual securities firms 
must still have robust back-end 
systems and business rules to 
handle straight-through process- 
ing of trades, including a common 
messaging platform and an inte- 
grated systems network. 

Some industry practitioners 
voiced concern over potential 
conflicts between the two groups 
vying to build trade-matching en- 





gines. But Fritz McCormick, an 
analyst at Celent Communications 
LLC in Cambridge, Mass., said 
competition would help to develop 
the most viable system. 

Others at the STP/T+1 confer- 
ence here said they're worried 
that a virtual matching utility 
wouldn't meet Securities and Ex- 
change Commission (SEC) rules 
for notification of all participants 
of a trade, which is currently done 
through paper certificates. 

SEC Rule 10b-10 under the Se- 
curities Exchange Act of 1934 re- 
quires brokers and dealers to pro- 
vide customers immediate written 
notification of information relevant 
to their securities transactions. 

“An electronic contirmation 
satisfies 10b-10 if information re- 
ferred to by 10b-10 is distributed 
to everyone in the transaction,” 
said Larry Bergmann, senior asso- 
ciate director of market regulation 
at the SEC in Washington. 

Bergmann also put to rest the 
notion that two trade-matching 
utilities wouldn't share informa- 
tion. After more than one match- 
ing engine is set up, the others 
“must get together and work out 
interoperability,” he said. “If they 
can't in 60 days,” they would be 
forced into arbitration, he added. 

~ Lucas Mearian 
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a 24-hour | 
| in products, 
| operating 


| build one. 


Shaw Lively, an analyst at 
IDC Corp. in Framingham, 
Mass., said it can take as long to 
test a straight-through process- 
ing (STP) system as it does to 
Even without the 


planning phase, a_ straight- 


through processing project can | 


take more than a year to com- 
plete, he said. “It’s not just 
about assembling the compo- 
nents. There’s a lot of vendors 
who have built various systems, 
but you still need to integrate 
those systems with yours.” 

The reason behind the slow 
rate of compliance? “There’s a 
lack of market standardization 

technology and 
platforms,” 


| James Lafaman, managing di- 


rector of New York-based Mor- 


| gan Stanley Dean Witter & Co. 


|| Lafaman was one of the 1,000- 


| plus attendees at the Securities 


Industry Association’s (SIA) 


| | STP/T+1 conference here. 


Lafaman’s concerns were 


| echoed by others at the confer- 


ence 


who feel the industry 


| needs to come up with a best 
| practices model for dissemi- 
| nating trade information. 


Arthur Thomas, chairman of 


| the SIA’s T+1 Steering Commit- 
| tee and chief operating officer 
| at Merrill Lynch & Co. in New 


York, 


said financial services 


| firms should have already as- 
| sessed the cost and technology 


| needed 


for straight-through 


| processing and T+l, or trade- 
| plus-one-day clearing. 


till Evaluating Options 


vices firms at the conference 
revealed that 41% are still eval- 


| uating how to move to straight- 
through processing and T+. 


| tems, 3% reported they are in | 
| the planning stages, and just | 
1 | 13% 
| modifying their back-end sys- | 


Almost 10% of those compa- 
nies said they haven’t even 
started to evaluate their sys- 


said they have started 
tems and business rules. Mean- 
while, only 1% said they are 


currently testing their straight- 


said | 
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T+1 and Counting 


Last week, Chicago-based 
Andersen and the SIA polled 
113 brokerages about their 
STP/T+1 plans. Here’s a sam- 
pling of the results: 


22% said they would 
spend less than $500,000 to 
achieve straight-through process- 
ing (STP), and another 22% said 
they would spend between 
$500,000 and $3 million. 


58% said 10% or less of 
their total 
is allocated to STP/T+1 this year. 


57% said they had not 
considered using outside ven- 
dors for STP/T+1. 


90% said they would 
complete there business rules 
and IT systems upgrades for 
STP/T+1 by the SIA’s June 2005 
target date; 30% said they would 
complete it by December 2003. 
Only 5% said they would miss the 
target date. 


through processing systems. 

“For T+1, matching trades is 
the largest gap we have to 
cross,” said Thomas. 

Tom McGahey, a consultant 
with Atlanta-based Wachovia 
Corporate Services Inc.'s 
STP/T+1 program, said Wa- 
chovia Corp. has already set up 
a communications network be- 
tween IT departments and 
their respective business units 
to smooth the transition. “You 
have to understand that the 
business requirements must 
come first, and then you build 
the technology to support 
that,” McGahey said. 


Donald Donahue, managing 


| director for the customer mar- 
A survey of 113 financial ser- | 
| at the New York-based Deposi- 


keting and development group 


tory Trust & Clearing Corp., 
said his firm plans to release a 
white paper in the next week 
that will propose industry 
changes needed for straight- 
through processing, such as a 
centralized trade settlement 
system and an industrywide 
communications network. 

“Straight-through process- 
ing is an issue that affects all 
processes in the industry,” 
Donahue said. D 
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Retail CEOs Hold the 
Line on Tech Spending 


Few say their companies plan to 


undertake major new systems initiatives 


BY CAROL SLIWA 
NEW YORK 
ETAILERS may not 
be penciling in 
hefty increases to 
their IT budgets 
this year, but they 
won't be doing any mad slash- 
ing either. 

Most CEOs interviewed last 
week at the 
Federation’s annual confer- 
ence here said they will either 
keep IT spending as budgeted 
or cut it slightly. Few, however, 
indicated that they would be 
taking on major new systems 
initiatives. 

“We've got to watch [IT 
spending] carefully. It will not 
increase,” said Leonard Riggio, 
CEO of Barnes & Noble Inc. 
in New York. “My druthers are 
that we would definitely cut 
back a bit.” 

Retailers “can’t sit on [their] 
hands” with technology, Riggio 
said, but they must be cautious 
with major initiatives, especial- 
ly in these times of economic 


uncertainty. “That’s the thing | 


about technology. You've al- 


ways got a million things to do 
that you can’t get to,” he said. | 
“And we have such a list. It goes | 


on and on.” 


Pushing Ahead 


Some retail CEOs said their | 
firms will continue working on | 
big projects that are already | 


under way, including installa- 
tions of major merchandising, 
warehouse and inventory man- 


agement packages, and point- | 


of-sale systems. Also, some 


said they will focus on trying | 


to get more out of the systems 
they already have. 

“How much technology do 
you really need to run your 
business?” said Mark Bozek, 
CEO of St. Petersburg, Fla.- 


National Retail | 


| based HSN LP, a subsidiary of 


| USA Networks Inc. He said 


ing better products to sell over 
the company’s Home Shopping 
Network and producing more 
entertainment shows. “I'll do 
much better doing that than I 
will this year investing on IT,” 
he said. 

But Bozek said he can’t cut 
IT spending dramatically. He 
said HSN will scale back only 
slightly on the $35 million to 
$40 million it spent last year 
and focus on upgrading and 
implementing some of the ma- 


past few years. Those include 


he would rather focus on hav- | 


jor systems it bought over the | 


| order, warehouse and inven- 
tory management systems. 

However, Bozek said he be- 
lieves that a company can slow 
| down its product upgrades. 
| “The [technology vendor] 
world loves to create these 
sorts of ridiculously expensive 
upgrades that they build into 
the purchase price of it,” he 
said. “You buy it one minute, 
and then next year [you say], 
‘Oh, we've got to upgrade,’ and 
there’s another $20 million.” 

David Suliteanu, CEO of San 
Francisco-based Sephora USA 
LLC, said his firm invested a 
substantial amount of money 
in its first two years to get 
a stable IT platform. But this 
year, he said, IT will be a 
“maintain expense.” 

Suliteanu said his decision is 
| based more on business prior- 


1 
| 








How much 
technology do 
you really need 

to run your 

business? 
MARK BOZEK, CEO, 


HOME SHOPPING NETWORK 


ities than on the economic 
downturn. Suliteanu noted that 
the beauty products industry 


| tends to be “recession-proof” 


and does well in tough times. 
Most CEOs don’t find them- 





Retail ClOs Focus on High-Priority Projects, Cutting Costs 


Tightened purse strings are forcing many retail ClOs 

to focus on high-priority IT projects, as they stay on the 
lookout for creative ways to cut costs to help pay for 
those projects. 

Retailers attending last week's National Retail Feder- 
ation annual conference talked about completing proj- 
ects they started in prior years, getting more return from 
the systems they have in place and launching only 
those new initiatives that are critical to the business. 

“We've gotten very rigorous about the projects 
that we're doing. And we're looking to make sure that 
we're being fully efficient on the processing side,” said 
Ken Harris, ClO at San Francisco-based The Gap Inc. 
Harris said his company has considered moving some 
project timelines. 

High-priority projects cited by retail ClOs ranged 
from the installation of merchandising, inventory man- 
agement and point-of-sale systems to the unification of 
disparate customer databases. To pay for those initia- 
tives, some retailers said they would postpone low- 
priority projects, seek out projects with a quick return 
on investment and look for ways to cut costs. 

Judith Formichella, vice president of IT at New York- 
based Polo Ralph Lauren Corp., said her CEO told all 
departments to cut expenses by 5%, and she thinks 
she can do better. 

Formichella said she will try to renegotiate software 
maintenance contracts and put the savings toward 
new capital projects. Top priorities will be supply chain 
and inventory management, completion of a point-of- 


sale rollout and moving Polo to common systems on 
a global basis, Formichella said. 

Evelyn Follit, senior vice president and C10 at 
RadioShack Corp., said the Fort Worth, Texas-based 
retailer plans to continue to use offshore programmers 
to develop code, emphasize training for U.S.-based 
staffers “in this time of low turnover” and revisit vendor 
contracts to make sure her company is realizing the 
“correct value from the agreement.” 

Those efforts should help Follit’s 1T department take 
on a new project to improve the analytics that enable 
RadioShack to optimize pricing and other business 
functions. Follit said her company also will focus on 
supply chain improvements. 

Phillip Maxwell, senior vice president and CiO at The 
Neiman Marcus Group Inc., said the Dallas-based luxury 
retailer had a large IT budget increase planned. Instead, 
the budget will stay relatively flat. Priorities include uni- 
fying the company's approximately 20 customer data- 
bases and creating a gift registry, with both projects 
expected to generate new sales. 

Replacing Neiman Marcus’ aging point-of-sale sys- 
tems, by contrast, won't bring a good return on invest- 
ment, Maxwell said. 

“If the system is eight or 10 years old, you have to go 
do something about it,” he said. “Same way as we move 
into financial systems. There won't be a good ROI on it, 
but it’s the basis to do some other things that we want 
to do afterward.” 

~ Carol Sliwa 
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selves in that situation, how- 
ever, and some said they will 
press forward on crucial IT 
projects despite the economy. 
Terry Lundgren, president 
and chief merchandising offi- 
cer of Cincinnati-based Feder- 
ated Department Stores Inc., 
which includes Macy’s and 


| Bloomingdale’s, said his com- 


pany will invest in a new mer- 
chandising system and contin- 
ue work on a marketing system 
project that began last year. 

“This [systems work] is ac- 
tually going to help us, not hurt 
us,” Lundgren said. 

George Jones, president and 
CEO of Saks Inc.’s Department 
Store Group in Birmingham, 
Ala., said that this year will be 
significant for IT as the com- 
pany moves toward common 
systems across its four operat- 
ing divisions. 

Jones said it’s a project of 
such importance that it will 
receive “primary dedication” of 
the firm’s resources. Although 
there’s no breakthrough tech- 
nology involved, the company 
expects to benefit substantially 
by gaining the ability to micro- 
market by store and giving its 
merchants new planning and 
allocation tools, he said. 

Meanwhile, Hudson Bay Co. 
will forge onward with a five- 
year IT legacy systems over- 
haul that started three and a 
half years ago, also with the 
full support of its CEO. “IT 
comes to the head of the line 
because it is the one part of the 
strategy that has an effect on 
every single part of the busi- 
ness,” said George Heller, CEO 
of the Toronto-based company. 

Heller said a company can 
continue to fall behind and be 
forced to take increasingly 
greater risks if it doesn’t stay 
current with IT developments 
to help run the business. 

“Retail has gotten far more 
scientific than it was in the 
past,” he said, recalling the 
days when “you had buyers 
who had a good nose for this 
or that. Today, it is about effi- 
ciency ... decision support ... 
inventory control.” D 
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Gates: Microsoft Must 
Focus on Security 


Bill Gates, Microsoft Corp.'s chair- 
man and chief software architect, 
issued an internal memo stating that 
“trustworthy computing” should be 
the company’s highest priority. 
“When we face a choice between 
adding features and resolving secu- 
rity issues, we need to choose secu- 
rity,” Gates wrote. Meanwhile, Mi- 
crosoft said it fixed a faulty server 
that kept Windows XP users from 
downloading software patches. 


Revenue Up, Profits 
Down at Microsoft 


Microsoft announced that revenue 
in its second quarter ended Dec. 31 
amounted to $7.7 billion, up 18% 
from the year-earlier level of $6.6 
billion. But the company’s second- 
quarter net income fell 12% year to 
year, from $2.6 billion to $2.3 bil- 
lion. The latest results included a 
$660 million charge related to a 
proposed settlement of class-action 
lawsuits over Microsoft's pricing. 


IBM Reports Drop in 
04 Sales, Income 


IBM reported its second straight 
down quarter, with net income for 
the fourth quarter at $2.3 billion - 
off 13% from the same period in 
2000. Fourth-quarter revenue 
declined 11% year to year to $22.8 
billion, which IBM partly attributed 
to weak PC sales. But mainframe 
revenue for the year as a whole was 
up for the first time since 1989. 


Hackers Targeting Sun 
Systems, CERT Wams 


The CERT Coordination Center at 
Carnegie Mellon University in Pitts- 
burgh warned that hackers are ac- 
tively trying to break into Sun Micro- 
systems Inc. hardware left unpro- 
tected against a well-known security 
hole that affects the user interfaces 
in various versions of Unix. 


| 
| 
| 
| 
| 
| 
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NEWS 


Utility Companies Face 
Barrage of Cyberattacks 


| Outsourcing program offers a potential 


means of developing better tactical defenses 


| BY DAN VERTON 


ANY OF THE 
nation’s utility 
companies are 
finding it in- 
creasingly dif- 


| ficult to keep up with the num- 


ber of cybersecurity incidents 


| involving their control systems. 


Determining what to do 


| about that problem 





was a key topic ad- 


dressed at a utilities 
conference last week iT 

in New Orleans. The 
conference, sponsored by the 
American Gas _ Association 
(AGA) and the Edison Electric 
Institute (EE), included a pan- 


| el of experts who discussed the 


security challenges utility com- 
panies face as they deploy 
greater numbers of commer- 
IT systems throughout 
what is arguably one of the 
most critical sectors of the U.S. 
infrastructure. 


cial 


| Information Overload 


Companies that belong to 


| the AGA or the EEI, both of 


which are based in Washing- 


| ton, account for all of the natur- 


al gas used by businesses in 


| 





every state and 75% of all the 
electricity generated in the U.S. 
A large utility “could have a 
million [intrusion] events that 
need to be analyzed,” said Will 
Evans, vice president of IT 
services at People’s Energy 
Corp., a Chicago-based AGA 
member company that serves 
about 1 million customers in 
Chicago and north- 
eastern Illinois. “I 
don’t think anybody 
has the capability to 
do that in-house. It’s 
practically impossible.” 
According to Alexandria, 
Va.-based security firm Rip- 
tech Inc., 
intrusions is particularly dis- 
turbing given the nature of the 
nation’s Supervisory Control 
and Data Acquisition (SCADA) 
systems, which are used to 
manage the flow of electricity. 
In a white paper prepared 
by Riptech in January 2001, 
the company detailed how the 
power industry’s demand for 
remote access has encouraged 
many utility firms to establish 
connections to SCADA sys- 
tems. In addition, some utili- 
ties have added connections 


Vulnerability Assessment Triggers Alarms 


Data collected on cyberattacks dur- 
ing the past six months by a securi- 
ty firm that monitors corporate net- 
works throughout the world shows 
that companies in the energy indus- 
try suffer attacks at twice the rate of 
other industries. And many of those 
attacks appear to be sponsored by 
governments or organizations in 
the Middle East. 

A recent threat assessment con- 
ducted by security firm Riptech 
studied more than 5.5 billion fire- 
wall logs and intrusion-detection 
system alerts. Of the approximately 


129,000 validated cyberattacks 
uncovered, power and energy com- 
panies averaged 12.5 severe or crit- 
ical attacks requiring immediate 
intervention per company. That rate 
is more than twice the average rate 
of attacks for all 300 companies 
surveyed, according to Tim Belcher, 
Riptech’s CTO. 

In addition, Belcher said he has 
uncovered evidence that the aver- 
age number of attacks originating 
from the Middle East is nearly twice 
as high per utility company as for 
companies in the high-tech, media 


the large number of 





between corporate networks 
and SCADA networks in order 
to allow executives to obtain 
instant access to data about the 
status of their operational sys- 
tems, according to Riptech. 

“The security strategy for 
utility corporate network in- 
frastructures rarely accounts 
for the fact that access to these 
systems might allow unautho- 
rized access and control of 
SCADA systems,” the white 
paper concluded. 


Outsourcing Option 

To address the problem, 
Riptech developed a_ four- 
pronged outsourcing program. 

The company announced 
last week that it will offer pref- 
erential pricing treatment to 
all AGA and EEI member com- 
panies that require round-the- 
clock network monitoring, se- 
curity assessments focused on 
the unique industrial control 
systems used by the industry, 
and secure architecture de- 
sign, in addition to a secure 
gateway through which utili- 
ties can feed tactical intrusion 
information into the energy 
sector’s Information Sharing 
and Analysis Center. 

The services are based on 
requirements spelled out by a 
council of utility company 
ClOs, said Tim Belcher, Rip- 


and financial services industries. 

“For the first time, this provides 
empirical evidence that critical in- 
frastructures do have profiles of at- 
tacks that appear to be sponsored 
by governments or other organiza- 
tions in what we would consider to 
be threat countries,” said Belcher. 

Belcher's statements come on 
the heels of an internal law-enforce- 
ment warning issued Jan. 16 by the 
FBI's National Infrastructure Protec- 
tion Center about potential Internet- 
based attacks targeting utilities and 
municipal and state government in- 
formation systems. 

~ Dan Verton 





VA 
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@= SCADA systems reside on 
physically separate networks. 


= Connections between SCADA 
systems and other corporate 
networks are protected by 
strong access controls. 


= SCADA systems require special- 
ized knowledge, making them 
difficult for network intruders to 
access and control. 


VULNERABILITIES 


® The information on SCADA sys- 
tems is publically available. 


= Domain name servers permit 
“zone transfers,” revealing IP 
addresses and server names. 


= Maintenance dial-ups often fail 
to implement access policies. 


@ There's no internai firewall 
or intrusion-detection system 
in use. 


tech’s chief technology officer. 

Evans characterized the pro- 
gram, particularly the secure 
tactical information sharing 
effort, as an important step 
for the utility industry. Execu- 
tives from the AGA and EEI 
have been evaluating vendors 
for such services since before 
the Sept. ll terrorist attacks, 
which highlighted the vulner- 
ability and importance of the 
nation’s critical infrastruc- 
ture, Evans said. 

Joe Weiss, technical manag- 
er of the Enterprise Infrastruc- 
ture Security Program at the 
Electric Power Research Insti- 
tute in Palo Alto, Calif., said 
he’s encouraged by the Riptech 
offer. But he added that he re- 
mains concerned that the in- 
dustrial sector as a whole 
hasn’t yet addressed the funda- 
mental cybersecurity chal- 
lenges stemming from its use 
of legacy control systems. 

“Firewalls and_ intrusion- 
detection systems have been 
designed to protect against 
known IT exploits,” said Weiss. 
“That has nothing to do with 
industrial control systems.” D 
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Airlines 


difficult in just two months — 


and impossible in two days, in- | 


dustry experts agreed. 

Without qualifying the state- 
ment, Mineta said in his speech 
that “on originating flights, bag- 
gage will be matched to its pas- 
senger.” When asked the next 
day for clarification, Hank 
Price, a spokesman for the new- 
ly formed Transportation Secu- 


rity Administration (TSA), an | 


agency of the DOT, stated ex- 
plicitly that bag matching would 


be required on 100% of originat- | 


ing flights — as opposed to con- 
necting flights — with all bags 
matched to passengers. 

Yet at the same time, Rebec- 
ca Trexler, a spokeswoman for 
the Federal Aviation Adminis- 


tration — also an agency of the | 


DOT — said bag matching was 
“required on all originating 
flights, but not necessarily for 
every bag.” 

When asked in a telephone 
interview to clarify the contra- 
diction, Paul Takemoto, anoth- 


er TSA spokesman, said, “I | 


don’t want to get into the fray,” 
and hung up. 


Sheer Confusion 

To further complicate mat- 
ters, DOT spokesman 
Mosley on Jan. 17 at first said 


all bags would indeed have to | 
be matched to passengers on | 
all originating flights. But he | 
later recanted. “I retract what I | 
said. The FAA was correct,” | 


Mosley said. “We not 
matching every bag. For secu- 
rity reasons, we are not dis- 


are 


closing what percentage [will | 
go through bag matching].” | 
other | 


Mosley said that he, 
DOT spokesmen and Mineta 
had been relying upon old in- 
formation. 

That the agencies oversee- 


ing the implementation of the | 


guidelines were so confused 


was unsettling to the airlines, | 
which have been working on | 


compliance plans for months. 


ene SOSH Sa eS ENERGON AIO ATI 
MOREONLINE nut :cc oi 


Mineta’s speech to the Transportation 
Research Board can be found at 
www.dot.gov/affairs/O11602sp.htm 


| by Congress in 


| lines by demonstrating the use 





Bill | 


The Aviation and Trans- 
portation Security Act, passed 
November, 
stipulated that airlines could 
meet the new security guide- 


of one of four kinds of bag- 
gage-screening procedures: 
explosives-detection systems, 
K-9 bomb-sniffing teams, hand 
searches or bag matching. Bag 
matching assures that every 
bag in the cargo hold belongs 
to a passenger who has board- 
ed the plane. But Mineta’s 
statement appeared to indicate 
that bag matching would be a 
requirement, not an option. 
Officials at American Air- 
lines Inc., United Air Lines 
Inc., Northwest Airlines Corp., 
Southwest Airlines Co. and 
Alaska Airlines Inc. all said on 
Jan. 17 that they had no indica- 
tion from their contacts at the 





DOT, TSA and FAA that the re- 
quirements had changed, and 
they weren’t modifying their 
compliance plans, despite 
Mineta’s statement. “The in- 
dustry would have been in a 
panic” otherwise, said one air- 
line spokeswoman. 


GM Drives App 
Development 


Automaker uses programmers in India 
for the first time to speed up Web project 


BY LEE COPELAND 
ENERAL MOTORS 
Corp. last week 
launched its lat- | 
est Web-based | 
application for 
car owners, marking the first 
time it has relied on an off- 
shore organization for a big ap- 
plication development project. 

In doing so, the automaker 
joined a growing list of compa- 
nies turning to offshore devel- 
opment as a means to quickly | 
complete complex projects. 
GM credits this approach with | 
building the application in six 
months and at substantial cost 
savings over using U.S.-based | 
consultants, said Stu Dressler, | 
global program manager of 
Owner Center at GM. 

Owner Center is a Java- | 
based Web application that al- | 
lows registered GM _ vehicle | 
owners to track warranty, re- 
call and service information | 
online. It was built with BEA | 


Systems Inc.’s WebLogic appli- | 


cation server, Art Technology 
Group Inc.’s_ personalization 
server and a Web server from 
iPlanet E-Commerce 
tions, an alliance of Sun Mi- 
crosystems Inc. and AOL Time 
Warner Inc. 

Teaneck, N.J.-based 
nizant Technology Solutions 


Project Tips 
To keep offshore development 
projects on track and on 
budget, users suggest the 
following: 

ENLIST technical leads and systems 
architects at the end-user company to 
manage the development project. 


REQUIRE the offshore organization 
to provide an on-site liaison to bridge 
cultural and communication gaps. 


THINK ahead to the project's end and 
make sure that you retain or train internal | 
staffers to maintain the application. 


Solu- | 


Cog- | 





Most airlines made vague 
announcements indicating 
that they would be able to meet 
the Friday deadline. 

Separately, American Air- 
lines in Fort Worth, Texas, said 
in a statement that it had made 
changes to its computer check- 


ication 
ffshore 


Corp. led the project for GM. 
Two to four project leaders 
working at GM’s Detroit head- 
quarters managed a team of 
about 25 developers in Banga- 
lore, India, Dressler said. 

Many companies outsource 
IT services to manage costs 
during economic downturns. 
But the complexities of these 
relationships, particularly with 
offshore vendors, require 
strong project management on 
the user’s part, said Mike 
Dodd, an analyst at Giga Infor- 
mation Group Inc. in Cam- 
bridge, Mass. 

“When done properly, [off- 
shore development] can 
achieve cost-cutting goals, but 
it’s not a silver bullet,” he said. 
“It’s like a marriage: If you rush 
in with haste, it won’t work.” 

Caterpillar Financial Ser- 


| vices Corp. has also tackled | 


that challenge. The Nashville- 


based financial wing of Cater- | 
| pillar Inc. launched a Web- 
|| based 
}| year’s end — a multimillion- 


financial system at 
dollar project that took three 
years to build and utilized off- 
shore developers in India, with 
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in system “to prevent situa- 
tions in which bags are board- 
ed but the owners of the bags 
are not. American Airlines 
tested the procedures at multi- 
ple airports to refine them, and 
everything was coordinated 
with the DOT.” 

American said it wasn’t rely- 
ing upon wireless networks to 
implement the bag-matching 
procedures in order to comply 
with the Friday deadline. 
Widely acknowledged security 
problems with wireless net- 
works were a major cause of 
concern as the deadline ap- 
proached [Page One, Jan. 14]. 


Reporter Bob Brewin con- 
tributed to this report. 


MORE? 


Nextel’s spectrum plans may affect wireless 
users - and bag matching. See page 8. 


project leaders in Chicago, said 
Tom DePauw, manager of IT at 
Caterpillar Financial. 

To manage the development 


pillar could maintain the appli- 
cation, DePauw hired applica- 
tion architects and trained em- 
ployees already on staff in en- 
terprise Java and project man- 
agement skills. “We grew our 
support team internally to 
match the project,” he said. 
Having an on-site liaison to 
manage offshore development 
projects is another key compo- 
nent of success. Chicago-based 
ThoughtWorks Inc. played that 
role for Caterpillar Financial, 
and Cognizant Technology 
served as the liaison for GM. 
That kind of link between 


| U.S. and offshore developers is 


critical, said Evelyn Follit, CIO 
at RadioShack Corp. in Fort 
Worth, Texas. 

The electronics retailer is 
developing new applications 
using India-based developers 
managed through Cognizant. 
Follit said an on-site liaison 
can bring in additional cost 
savings by ensuring that code 
is reliable and meets quality 
benchmarks. D 


ick 
Quic 


Ford Motor Co. is 
going in a different 
direction: bringing IT 
jobs in-house. Visit 


| www.computerworld.com/q?26540 
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For more than a decade, DLTtape™ technology 
has been known for its unparalleled reliability 
in data protection and retrieval. In fact, 
DLTtape cartridges must pass a stringent 
process to become 

fully qualified and 

display the 

DLTtape logo. 

That’s why you'll 

always want to look for 

the DLTtape logo when buying 

DLTtape products. it ensures that your 
company’s mission-critical data is trusted 
to quality media that has met the highest 
standards for reliability, compatibility 


and performance. You’re also guaranteed 


to be getting the de facto standard for data 
backup and retrieval. Products that do not 
have the DLTtape logo have not met these 
stringent qualification standards. 

So, be 
sure to use 
cartridges 
that carry the 
DLTtape logo. 
It gives you 

the confidence of knowing you’ve purchased 
the ultra-reliable backup solution that’s 
chosen 5:1 by IS/IT managers. To find out 
how the DLTtape logo has become the 
ultimate symbol of quality and reliability, 


go to www. dittape.com/qualifiec. 


©2001 Quantum Corporation. All rights reserved. The DLTtape logo is a registered trademark and DLTtape is a trademark of Quantum Corporation 
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» . Yes you can. Introducing Microsoft® Windows® XP 
Bgocoo ear meen ar lecl ics mobility toa much 
. higher place. For starters, users don’t even need 
to bring their PCs whem they travel. The Remote 
Desktop feature in Windows XP provides users easy 
remote access to their work PC from another PC. 
They carr work with files and folders, check and send 
e-mail, and securely.do from-the road virtually 
everything they can do while sitting in front of their 
> office desktops. When users do travel with PCs, 
features like support for easy wireless network access, 
Windows Messenger, secure VPN support, and the 
Encrypting File System mean road warriors are doing 
4 what they need to do, and leaving you free to CR 
you need to do. With Windows XP, you can. 
www.microsoft.com/windowsxp/itpro 
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~ NEWS 


Report: U.S. Businesses Skimp on Cyberattack Protections 


BY LINDA ROSENCRANCE 
U.S. companies aren’t doing 
enough to protect their IT sys- 
tems from the threat of cyber- 


attacks, according to a report 


released this month by the | 


Computer Science and Tele- 
communications Board (CSTB). 


The CSTB, a part of the Na- 
tional Academy of Sciences in 
Washington, also said software 
and computer vendors should 


be held liable for system 
breaches if they don’t drasti- 
cally improve the security of 
their products. But the panel’s 
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report asserted that many cor- 
porate users “tend to underin- 
vest” in IT security measures. 

In the report, a synthesis of 
information contained in Na- 
tional Research Council re- 
ports over the past 10 years, the 
CSTB said, “From an opera- 
tional standpoint, cybersecuri- 
ty today is far worse than what 
known best practices can pro- 
vide. Even without any new se- 
curity technologies, much bet- 
ter security would be possible 
if technology producers, oper- 
ators of critical systems and 
users took appropriate steps.” 

Many companies don’t im- 
plement the necessary level of 
security because that can be 
expensive, the report said. The 
CTSB also acknowledged that 
payback is uncertain “because 
serious cyberattacks are rare.” 
But shortchanging security 
could be catastrophic for com- 
panies, warned the CSTB, 
which provides advice to the 
U.S. government on technical 
and public policy issues 
related to IT. 


Investment Options 

Eric Hemmendinger, an ana- 
lyst at Aberdeen Group Inc. in 
Boston, said the concerns 
raised by the CSTB aren’t en- 
tirely new. But he said he 
agrees that many users still 
aren’t doing enough to protect 
themselves from cyberattacks. 

“Companies are more con- 
cerned with risk management 
than with risk elimination,” 
Hemmendinger said, adding 
that IT managers need to “de- 
termine what their comfort 
zone is” when deciding how 
much to invest on security. 

Some IT managers elect not 
to do more to protect their sys- 
tems because such _invest- 
ments would consume money 
and personnel that are needed 
for other technology projects, 
said Pete Lindstrom, an analyst 
at Hurwitz Group Inc. in Fram- 
ingham, Mass. “It’s hard, te- 


cess to exhibit floor ¢ V.I.P. seating at Keynotes © Access to ANY 
e conference session ¢ FREE ECM White Paper ¢ An AIIM T-shirt dious work, and not everyone 
is willing to put in the effort,” 
Lindstrom said. “It’s easier to 
pay lip service to security.” 

As a result, he added, securi- 
ty considerations often take a 
backseat when companies set 
plans for developing and man- 
aging their IT installations. D 
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BRIEFS 


Intel Names President: 


04 Income Declines 


Intel Corp. reported net income of 
$504 million for the fourth quarter 
of 2001, down 77% from $2.2 bil- 
lion in the same period of 2000. 
Fourth-quarter revenue fell 20% 
year-to-year, from $8.7 billion to 
$7 billion. intel also named Paul 
Otellini its president and chief oper- 
ating officer. Otellini had been man- 
aging Intel’s microprocessor and 
chip-set businesses since 1998. 


Oracle Signs Two 


Acquisition Deals 


Oracle Corp. has acquired the tech- 
nology assets of Indicast Corp., 

a San Diego-based developer of 
voice-enabled Internet software. 
Oracle also announced that it has 
agreed to buy NetForce Inc., a San 
Francisco-based vendor of software 
used by pharmaceutical companies 
to track information about the safe- 
ty of drugs. The financial terms of 
the two deals weren't disclosed. 


3Com Decentralizes, 
Makes More Cuts 


Santa Clara, Calif.-based 3Com 
Corp. laid off 500 more employees, 
cutting its 5,900-person workforce 
by 8%. The struggling networking 
vendor also said it’s transferring re- 
sponsibility for marketing, human 
resources and financial data analy- 
sis from the corporate level to its 
three operating units. Accounting 
and internal IT functions will contin- 
ue to be managed centrally. 


Short Takes 


Keeping in line with a prediction 
made two weeks ago, COMPAQ 
COMPUTER CORP. reported a 
fourth-quarter profit of $92 million 
on revenue of $8.5 billion. . . . 
Rosemont, Ill.-based COMDISCO 
INC. agreed to sell two of its prod- 
uct leasing businesses to GENERAL 
ELECTRIC CO.’s GE CAPITAL CORP. 
financing unit in Stamford, Conn. 


| Calif. 
| CEO Mark Hoffman said the 
| partners will continue to de- 





| BY MICHAEL MEEHAN 


AP AG AND Com- 
merce One Inc. last 
week disclosed plans 
to go their separate 
ways in the online 
procurement software market. 
But the two companies said 
that doesn’t 
month-old sales partnership is 


| being dropped altogether. 
The divide involves a deal 


under which SAP and Pleasan- 


ton, Calif.-based Commerce | 
One agreed to sell each other’s | 


online procurement software 
in a combined offering called 
Enterprise Buyer. SAP officials 


said the two vendors’ sales 


| were targeting the same cus- 


tomers, many of whom are 
among SAP’s installed base of 
business application users. 

Still in place, though, is an 
agreement related to business- 


| to-business marketplace soft- 


ware. Gary Fromer, chief strat- 


egy officer at the SAP Markets | 


Inc. subsidiary in Palo Alto, 
and Commerce One 


velop and sell their combined 


| MarketSet technology, which 


has about 40 users. 

SAP injected $250 million 
into the struggling e-commerce 
software vendor last year and 
now owns 20% of Commerce 
One’s stock. In addition, Com- 
merce One has become in- 


| creasingly dependent on SAP 


for business: Half of Com- 
merce One’s software license 
sales now occur within SAP’s 
customer base, said Karen Pe- 
terson, an analyst at Gartner 
Inc. in Stamford, Conn. 

Even so, the parting of the 
ways regarding online pro- 
curement software wasn’t a big 
surprise, Peterson said. 

The deal with Commerce 
One gave SAP “the ability to 
associate [itself] with some- 


mean their 18- | 





one who had competence in 
online commerce” at a time 
when SAP lacked its own tech- 
nology, she noted. But SAP has 
developed its own procure- 
ment product line, capped off 
by aset of supplier relationship 
management tools that were 
announced two weeks ago. 
Fromer said the joint pro- 
curement efforts were hinder- 
ing the penetration of that soft- 
ware by limiting the ability of 
the companies to target users 
who only wanted one of the 
two pieces. “Now we don’t | 





SAP Commerce One 


Scale Back Sales Deal 


| Vendors end online procurement software 
partnership, keep B2B marketplace effort 


have to approach customers as 
a package deal,” he said. 

As part of the procurement 
split, SAP will take back the 
rights to Enterprise Buyer Pro- 
fessional Edition, which auto- 
mates the procurement of ma- 
terials and services that go di- 
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rectly into goods sold by com- 
panies. That software also pro- 
vides a central control point 
for buying standard commodi- 
ties such as office supplies. 

Commerce One will retain 
ownership of Enterprise Buyer 
Desktop Edition, a lower-end 
application that was designed 
to give individual employees 
and departments the ability to 
buy goods electronically. D 


Reporter Marc L. Songini con- 
tributed to this report. 


A Changed Approach | 


SAP and Commerce One first teamed up in mid-2000. This is 


where their deal now stands: 


ON: Joint development and sales of online marketplace 
software. SAP has also built Commerce One technology 
into its Web-based mySAP Technology architecture. 


OFF: Sales by each company of a combined package of 
online procurement software. Instead, SAP and Commerce 
One will sell their own products separately. 


Baan Reorganizes, Looks 


To Make Fresh 


Upgrade aimed at 
boosting demand 


BY MARC L. SONGINI 
Baan Co. last week moved to | 
revive its line of customer rela- 
tionship management (CRM) 
software, announcing a re- 
branded and upgraded release 
that will be marketed as part of 
an integrated suite of Web- 
enabled enterprise applications. 
Netherlands-based Baan said 
iBaan for CRM will let depart- 
ments within a company seam- 
lessly share customer data. The 
rollout adds new data-analysis 
and product configuration tools 
and formally reverses a 13- 
month-old plan under which 
parent company Invensys PLC 
shifted the CRM line from Baan 
to anew unit in Golden, Colo. 
Analysts said the reorganiza- | 
tion and the addition of Web 
support to iBaan for CRM 
could help Baan compensate 
for sales opportunities that it 





Start in CRM 


lost because of muddled mar- 
keting and its CRM software’s 
lack of integration with the 
company’s other products. 

The product line stalled af- 
ter it was split off from Baan, 
said Kelly Spang, an analyst at 
Current Analysis Inc. in Ster- 
ling, Va. Moreover, she said, 
London-based Invensys initial- 
ly didn’t give the CRM opera- 
tion enough resources or man- 
power. Sales “just kind of 
dropped off from there,” Spang 


AT A GLANCE 


Going Back 
To the Future 


Baan’s announcement included 
the following details: 

® The CRM software is back under 
Baan's control, reversing an earlier move 
that shifted it to a new unit within parent 
company Invensys. 


@ Baan said it's adding Web front-end 
support, a browser-based product config- 
uration tool and expanded customer 
analysis capabilities. 





said. “It might have cost Baan a 
year in the CRM market.” 

Sharon Ward, an analyst at 
Hurwitz Group Inc. in Fram- 
ingham, Mass., said Baan has 
had trouble linking its CRM 
and enterprise resource plan- 
ning (ERP) applications ever 
since it bought CRM vendor 
Aurum Software Inc. in 1997. 
But with the addition of iBaan 
for CRM, she said, Baan is now 
promising a fully integrated set 
of Web-enabled software. 

“I don’t expect [iBaan for 
CRM] to be competitive as a 
stand-alone product, at least at 
first,” Ward said. “It will keep 
some customers who want an 
integrated solution from de- 
fecting [to rival vendors].” 

For example, Baan ERP user 
A-dec Inc. plans to have fin- 
ished rolling out iBaan for 
CRM’s online sales module by 


| March. But Keith Bearden, CIO 


at the Newberg, Ore.-based 
maker of dental equipment, 
said installing the software was 
“not as easy ... as it was made 
to seem” by Baan. A-dec had 
hoped the application would 
be easy to install, he said. But 
the company had to bring in 
consultants to do coding work 
to link its business processes to 
the Web. D 
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PATRICIA KEEFE 


Airline Insecurity 


F EVER THERE WAS an opportunity for IT to 
step into the breach and demonstrate how 
technology can serve the needs of business 
— if not actually secure its future — it’s the 
security crisis facing this country’s system of 
air travel. The airline industry is in disarray, reeling 
from the one-two punch of a flailing economy and 
the Sept. ll terrorist attacks. Piling on top of the 
already financially tome airlines is a hastily 


enacted government man- 
date for costly new securi- 
ty measures. 

Despite a $15 billion fed- 
eral bailout, we’re already 
seeing reports of sizable 
fourth-quarter losses — so 
far, from AMR Corp. (par- 
ent of American Airlines) 
and Continental Airlines. 

It doesn’t help that the 
airlines are practically 
starting from scratch. For 
years, the industry lobbied 
aggressively against any legislative 
efforts to force the installation of se- 
curity measures, some already suc- 
cessfully in use in Europe. 

Since the 1988 bombing of Pan Am 
Flight 103, it has taken more than 13 


years to enact a bag-matching system | 


in this country. One aviation indus- 
try executive told us that our report 
last week [Page One, Jan. 14] on inse- 
cure bag-matching systems “did not 
surprise him in the least” because 
“when you are losing that much 
money, you don’t want to spend it on 
security.” 

But the airlines must. Our inves- 
tigative report on the security of the 
wireless technology used today by 
airlines revealed serious flaws and a 
scattershot approach to addressing 
the issue. Exacerbating the situation 
is the lack of adequate funding or 
clear direction in the Aviation and 
Transportation Security Act about 
which technologies to use. 

Meanwhile, analysts are warning 
that the airlines must woo back skit- 
tish travelers or face losses well into 


’ 
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the billions. That effort 
won't be helped by the 
long delays triggered by 
multiple security checks 
and the utter stupidity of 
many of the procedures 
now in place. 

It’s a dicey situation. 
But it’s no exaggeration 
to say that IT is just the 
ticket to save the airlines. 
You can do it by provid- 
ing the leadership that 
has been lacking from 
your business peers: 

@ Band together as the airlines’ top 
IT thinkers to speak with a more 
powerful, unified voice to the gov- 
ernment and to request the revi- 
sions, extensions and funding that 
will be needed to meet the security 
mandate. 


| @ Design systems that minimize the 
wasteful and ineffective random 
| checks now holding up passengers, 
baggage and planes. “Profile” board- 
ing passes to show when passengers 
have been searched or how many 
times they have left the gate. Offer 
trusted-passenger programs using 
biometrics to help diminish airport 
| security gridlock. 
@ Save time and money by not re- 
inventing the wheel. Europe and 
Israel are already testing or deploy- 
ing leading-edge biometric technolo- 
gies such as iris-scanning, and they 
already have much more secure 
wireless networks in place. Learn 
from Europe’s mistakes; benefit from 
| its successes. 
w Agree on best practices and lobby 
strongly to influence and speed up 
the delivery of industry standards 
and technology offerings. As long as 
vendors continue to bicker and tech- 
nology offerings fall short, some air- 
lines will take a proprietary route, 
which could create information- 
exchange problems down the road. 
Only by working together can air- 
line IT shops restore consumer con- 
fidence and combat terrorism by 
creating a cohesive and secure ap- 
proach to restoring our freedom of 
mobility. 
| The ball is in your hangar. D 
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PIMM FOX 


The Modern 
Profile of 
The IT Pro 


ESPITE THE popular 

image represented in 

“Dilbert,” IT profes- 
sionals are likely to be multi- 


lingual, live and work in di- 
verse cultures and eschew white shirts 
with pocket protectors for black tur- 
tlenecks worn on gym-toned bodies. 
Unfortunately, the public’s percep- 
tion of the IT geek as a passive worker 
has done more harm to the in- 
dustry’s self-esteem than the collapse 
of IT budgets and technology stocks. 
An antidote would be meeting 
Janelle Jimenez, 
23, of Atlanta. 
Her parents are 
from the Domini- 
can Republic, she 
speaks three lan- 
guages, and she 
grew up on Staten 
Island, N.Y. Re- 
turning froma 
visit to her fiancé 
in Rome, Jimenez 
spent the nine- 
hour flight study- 
ing for her Cisco 
Certified Net- 
work Administrator test and spoke ar- 
ticulately about her IT career. Jimenez 
likes the possibility of connecting dif- 
ferent kinds of networks. “Every situa- 
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| tion is different because every compa- 


ny is different,” she says. 

Listening to Jimenez, you’d never 
know IT was going through a melt- 
down. “I’m not in it for the money,” she 
says. “I want the experience and op- 
portunity to meet people and learn 
how businesses use IT.” Her technical 
and language skills should make it pos- 
sible for her to work in Italy next year. 

Could this be the IT industry brand- 
ed as narrow and uninteresting by the 
popular press? 

According to Judy B. Homer, presi- 
dent and principal of an eponymous ex- 
ecutive-level IT recruiting firm in New 
York, the short-sleeved, taped-glasses 
look might have defined the IT world in 


ick 
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the 1970s, but the ranks are currently 
filled with men and women of diverse 
ethnic and cultural backgrounds. 

Now, IT professionals possess the 
polish and sophistication typically as- 
sociated with executive managers and 
customer representatives. 

You can, in fact, easily mistake An- 
thony McCloude, 31, who oversees the 
LAN and peripherals for airlines at 
New York’s John F. Kennedy Interna- 
tional Airport, for an executive be- 
cause of his poise and polish. ‘The Eng- 
lishman, who has lived in Brazil and 
speaks Portuguese, says upward mobil- 
ity can be limited if you don’t fit the 
management stereotype. 

And there’s evidence that fewer are 
fitting the Dilbert stereotype. 

Gina Schiller, director of technology 
recruitment at J.B. Homer Associates, 
says IT pros now come with non-IT 
skills to augment their careers. For ex- 
ample, a legal background is useful for 
negotiating vendor contracts. 

Don’t buy into stereotypes of IT. 
Being well spoken, well groomed and 
well rounded can make the difference 
in your career. And it won’t hurt the 
rest of your life either. D 


DAN GILLMOR 


Eight Ways to 
Get Ready for 
Mobile Usage 


EMEMBER the guy in 

that meeting last week 

who seemed to be pay- 
ing close attention to every- 
thing but kept glancing into 
his lap? He was probably doing e-mail 
on a BlackBerry or some other hand- 
held device. Can you say “Annoying”? 

If IT thought the PC brought major 
changes to the enterprise, just wait for 
wireless to take hold. From Wi-Fi 
(802.11b) to Bluetooth to new kinds of 
mobile telephony and data services, 
this is genuinely disruptive technology. 
The USS. is lagging behind Europe 

and some parts of Asia, where wireless 
has transformed businesses in small 
and large ways. But ultramobility is 
coming fast here, and companies need 
to be ready with some rules of this 
new data road. Here are eight observa- 
tions and suggestions: 
1. Think about security now, not later. Re- 
mind employees that they’re talking on 
radios when they use mobile phones. 


NEWS 


Wi-Fi, which is springing up 
all over the U.S., has some 


| fundamental security prob- 
| . . . 
lems in its current incarna- 


tion. If you set up an 802.11 
network on your premises, 
remember that you may be 
exposing your systems to 
people in your parking lot. 

| Don’t allow access to sensi- 
tive data except with a VPN 
or other serious encryption. 
Also, be sure to secure lap- 
top computers so that when 
employees sign into a Wi-Fi 
network from a remote location, their 
data won't be open for inspection. 

2. Don’t give everyone a BlackBerry. 
These small devices are wonderful for 
some people, such as those who ab- 
solutely have to be online all the time. 
But they’re relatively expensive. 
They’re also addictive for some users, 
who are prone to sending e-mail in the 
middle of family dinners and other in- 
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3. With that in mind, persuade 
higher-ups to ban all wireless 
devices in meetings - and 
make the policy stick. If these 
gatherings are so boring 
that people feel the need to 
do e-mail on their Black- 
Berries, fix the meetings. 
b 4. Think about how your Web 
site’s information will look on 
the small screens of most 
wireless devices. Create mo- 
bile-oriented miniportals 
by essentially retrofitting 
existing data on your 
servers to supply key information for 
on-the-road employees and others who 
may want to look up data quickly on 


| your site. Forget the graphics, and re- 


member how efficient text can be. 


| 5. Don’t expect high-speed 3G mobility to 

| arrive anytime soon. But do think about 
| how your company can use that band- 
| width when it does arrive. 


6. Look hard at the new generation of de- 


27 


launched Treo, a combination PDA 


| mobile phone. It’s a natural match, and 


the convenience factor will be hard to 
beat. Again, however, make sure securi- 


| ty is part of the system from the outset. 


7. Want to learn new ways to use mobile de- 
vices? Ask your kids. The explosion in 
short messaging was launched, by 
many accounts, when teenagers in Fin- 
land figured out how to use the text- 


| Messaging systems to do more than tell 


phone owners they had new voice mail 


messages waiting. Now, Short Messag- 


ing Service is as popular as voice in 
some countries, and it’s often more ef- 
ficient and cost-effective. 
| 8. Be prepared for new tech-support duties. 
| This stuff is wonderful to use when it 
works right, but it doesn’t always work. 
IT needs to hammer on the suppliers 
| to make more reliable and simple 
products, for everyone’s sake. 

Mobile technology, like any technol- 
ogy, will be both a blessing and a curse. 





But if you want more of the blessings, 


opportune occasions. 


Managing With Tact 


Y BRINGING UP his 

concerns about a lap- 

top security vulnera- 
bility in a meeting, Mathias 
Thurman put the operations 
manager on the spot, essen- 
tially challenging him [“Vul- 
nerability Draws Yawn From 
Operations,” Security Man- 
| ager’s Journal, Jan. 7]. I sus- 
pect that the problem could 
have been resolved more 
smoothly if Thurman had 
gone to the operations man- 
ager privately and worked to 
win him over — even make 
it the ops manager’s idea to 
| get the change made. And if 
he ran into resistance, he 
also needed to do a little 
probing to find out the true 
reason for it. 

Some possibilities: 

1. The ops manager is under 
fire for spending too much 
on laptop support or for de- 
ploying images that cause 
| frequent problems. 
2. The ops manager has 
been indulging in office gos- 
sip that security people are 
a bunch of meddlers, and he 
can’t cooperate with Thur- 
man without appearing fool- 
| ish, at least in his own eyes. 








vices, such as Handspring’s newly 


3. The ops manager is a jerk 
and can’t be counted on to 
cooperate in any case. 
Thurman got the neces- 
sary change, but at the ex- 


| pense of future confronta- 


tional behavior. 
Jordan C. Kelly 
Senior engineer 
Science Applications 
International Corp. 
Dayton, Ohio 


| jordan.c.kelly@saic.com 


Some Sites User-Hostile 


EYOND Patricia Keefe’s | 


complaint about sites 

that don’t work the 
way their designers intend- 
ed [“Santa’s Little Hinder- 
ers,” News Opinion, Jan. 7], 


| how about designs that are 
| user-hostile for no apparent 
| reason? Many sites require 


you to enter phone and 


| credit card numbers in a 


specific format (with paren- 
theses, in groups of four, 
without spaces, etc.). How- 


; ever, the data processing 
| program can strip out all of 


the nonnumeric characters. 
The database doesn’t care 
what the user entered as 
long as the data is there. 

I’m not asking for human- 





like intuition about what the 
user really means; I’m ask- 
ing for the softwarelike abil- 
ity to ignore what doesn’t 
matter. 

Richard C. Haven 

Mountain View, Calif. 
rhaven@hotjobs.com 


Fd Rather Do It Myself 


F THE TECHNOLOGY de- 
scribed in “Anticiparal- 
lelism” [Future Watch, 
Jan. 7] comes to pass, it will 
provide yet another way for 
Microsoft to know what you 
want to do and to do it even 
if you don’t want to. Out- 
look, which is the fastest 
virus spreader ever known, 
will now be able to predict 
that you really want to send 
that infected mail; after all, 
you did it last time. 
Jesse |. Pollard 
Systems administrator 
Northrup Grumman Data Systems 
Metairie, La. 


NTICIPARALLELISM 

might be a good idea, 

but how are we sup- 
posed to believe that anyone 
can get a software product 
to do so much extra when 
we can’t get software to do 


rnke 


| www.computerworld.com/q?q5000 


| plan ahead. D 


| what we want in the first 
| place? If 99.5% of all JPEG 
| files I receive in e-mail are 


filed in a folder called 
c:\funnies, how would the 
software know that I want a 
picture of my grandmother 
in a different folder? That’s 
just an example of how the 


slow processor between 


your ears can’t easily be 
mimicked. Spare processor 
time should be used to make 


| the system perform better 


when I’m using it, not to 


| guess at what I might want 


it to do next. 


| S. Zinn 


Network engineer 
Dallas 
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When you think scalability, it’s time to think software. 


Today’s Web-driven world demands a faster way to scale up The Microsoft server platform gives you the choice of thinking 
and out. But instead of thinking hardware, it’s time to think smarter bigger, smaller, up, or out. That way you can deploy Microsoft SQL 
software, as in the modular and scalable Microsoft’ server platform. Server” 2000 on Windows’ 2000 Datacenter Server for heavy- 
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2000-based servers running distributed applications. And it has 
the lowest price-to-performance ratio of any competitive platform.” 

So no matter how quickly things change, your business is 
always perfectly scaled to handle it. For more ways to scale 
up—and out—with software, visit us at microsoft.com/servers 


/scalability Software for the Agile Business. 
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Dell | Enterprise 


| am Dell Enterprise. PowerEdge™ servers, storage, infrastructure software, and Premier Enterprise Services. 
And | not only run the critical apps your enterprise demands, | make sure they scream from day one. How? By creating 
alliances with leading software companies like Microsoft® i2° and SAP. And by creating a one-to-one relationship with you 
The result: a custom, end-to-end Intel® Pentium® Ill Xeon” processor-based solution designed to deliver maximum uptime 
Pre-validated and pre-configured to your exact specs. Then pre-tested and proven before it leaves the factory 

When critical is the name of the game, | can play as fast as you can plug. To find out what customers and analysts 


are saying about Dell Enterprise, visit us online today at dell.com/enterprise3 


Rapid deployment. Maximum uptime. Easy as L 


Cali 1-877-430-DELL or visit www.dell.com/enterprise3 
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technologies that promise aac costs. 
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EDITOR’S NOTE 


KNOw. You didn’t get into the IT field to be a 

bean counter. But desperate (recessionary) times 

call for hauling out the green eyeshades. 

If you’re not taking a close look at your tele- 

com bills — and monitoring your network traffic 
— you could be paying thousands of dollars for T1 
lines that were supposed to be turned off, as well as 
for wasted bandwidth, unused services and overpro- 
visioned circuits. It’s also time to assert some control 
and centralize the procurement of telecom services, 
so those mavericks in the remote offices aren’t signing 
up for high-cost network services or cellular plans. 

You also didn’t get into IT to become a contract 
lawyer. But it’s time to take another look at those net- 
working contracts and negotiate better deals. The 
vendors are hungry. 

Meanwhile, it’s time to think creatively about 
penny-pinching. Have you considered looking for 
networking gear through eBay? Did you know that 
Sam’s Club has long-distance calling cards with the 
incredibly cheap rate of 3.47 cents per minute? 

It may even be time to start exploring voice over 
IP (VOIP) networking. Yes, there’s a lot of hype 
about this technology, so it pays to have a healthy 
dose of skepticism about those vendor estimates of 
cost savings. Still, the thought of running voice calls 
over the Internet — and allowing employees to plug 
in their IP phones anywhere — is certainly enticing. 
As a recent Gartner bulletin put it: “There is no 
doubt that VOIP is the long-term solution for voice. 
The question is when, rather than if.” 

This Special Report won’t make you a CPA, but it 
will help you explore a wide variety of cost-saving 
strategies. Your IT es may depend on it. D 


Mitch Betts (mitch_betts@ mecimienaitt com) 
is director of Computerworld’s Knowledge Centers. 
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~ KNOWLEDGE CENTERE' 


IDE-AREA NETWORKS 

go back a long way, 

depending on how you 

define them: 3,000 years 

for homing pigeons, or 
800 years for Genghis Khan’s version 
of the pony express. But the first 
large-scale, reliable network for 
sending messages with a standardized 
coding system came in 1794, when 
Claude Chappe built the first working 
“optical telegraph” system for the 
French government. 

Chappe’s “telegraph stations” — 
large wooden structures with movable 
arms, spaced six miles apart — could 
relay a message 100 miles in 30 min- 
utes. That was a day’s journey by land. 
Stations along the way didn’t have to 
decode the messages; they just had to 
repeat what they received. Similar sys- 
tems were soon used in Sweden, Den- 
mark, Finland, Norway, Germany and 
England. By 1830, they were being used 
to relay private messages in Sweden. 

But by 1850, the electric telegraph 
niade the optical telegraph obsolete. 
1844, Samuel Morse’s dot-dash code 
could instantly send a message 25 
miles; sending it by train took an hour. 
Thirty years later, 27-year-old telegra- 
pher Thomas Alva Edison invented a 
way to send two messages in each di- 
rection at once on a single telegraph 
line. The “Quad” saved Western Union 
Co. $500,000 per year in construction 
costs for new lines. 

The wires were there. Message mul- 
tiplexing was there. Switching had to 
wait until Alexander Graham Bell’s 
telephone created a large, complicated 
network. In 1889, a Kansas City under- 
taker named Almon Strowger, who sus- 
pected that local telephone operators 
were steering business to his competi- 
tors, hired several engineers to design 


1794: Optical 
telegraph in 
France cuts 
message deliv- 
ery from a day 
to 30 minutes. 
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the phrase “What hath God 


wrought” from Baltimore to 
eS Washington in Morse code 


From the telegraph to Gigabit 
Ethernet, the emphasis in 
wide-area networking has always 
been on speed. By Frank Hayes 


| the first automatic telephone switch. 


In 1917, AT&T deployed its first at- 


| tempt at multiplexing. The A system 
| sent four voice telephone calls at once 


along a single pair of wires. But by 1944, 


| AT&T’s L] system was transmitting 


600 voice channels simultaneously 
over coaxial cable. 

In 1961, AT&T began turning analog 
phone calls into digital signals by tak- 
ing an 8-bit digital sample of each call 
8,000 times per second. By breaking 
up each call into digital fragments, 


| more calls could be crammed into the 

| same carrier lines. The Tl system — 

| the same T1 lines used today — carried 
| 24 voice channels. 


By that time, there were finally 


| enough computers to make linking 
| them worthwhile. In 1961, Leonard 


Kleinrock first suggested that digital 
data in packets could be routed 


| through large computer networks. 


1889: Almon 
Strowger's > 
engineers build 
the first automatic 
telephone switch 


1870] 1880} 


1917: AT&T's A system 
sends four telephone calls 
at once along a single 
pair of wires. 





1944: AT&T's 
L1 system trans 
mits 600 calls 
at once over a 
coaxial cable 


1890] 1900] 
1961: AT&T begins 


digitizing phone calls 
for its T1 system. 


The next year, J.C.R. Licklider — the 
first director of computer research at 
the U.S. Department of Defense’s Ad- 
vanced Research Projects Agency 
(ARPA) — proposed a “Galactic Net- 
work” that would let users access data 
from any site on a huge network. 

In 1965, Larry Roberts, a researcher 
at MIT’s Lincoln Laboratory, got two 
computers to communicate using 
packets for the first time. Four years 
later, the packet-based Arpanet went 
live. In quick succession, capabilities 
for file transfer, e-mail and remote log- 
in were developed. In 1973, Vinton Cerf 
proposed linking Arpanet with two 
other government networks, and the 
Internet was born. 

Meanwhile, computer vendors were 
launching networking systems of their 
own. In 1972, Robert Metcalfe, a re- 
searcher at Xerox Corp., worked out a 


| LAN system called Ethernet. In 1973, 


1965: Larry Roberts 
sets up the first 
packet-based com- 
munication between 
computers at MIT. 
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the first public packet data communi- 
cations carrier, Telenet, went into busi- 
ness, using the X.25 protocol to let 
computers connect to its network with- 
out a specialized hardware interface. In 
1974, IBM announced its System Net- 
work Architecture, and in 1976, Digital 
Equipment Corp. launched its DECnet. 

With all the basic concepts in place, 
wide-area networking has marched 
forward during the past two decades. 
So have new technologies — with an 
emphasis on speed. 

The Tl lines AT&T first fired up in 
196] now carry data at 1.5M bit/sec., 
though customers can buy just part of 
that capacity if they like (fractional T1). 
A T3 line is the equivalent of 28 Tls, 
with a total bandwidth of 44M bit/sec. 

Fiber-optic networks, which weren’t 
even practical when Charles Kao and 
G.A. Hockham first proposed them in 
1966, reached speeds of 90M bit/sec. in 
1970, 500M bit/sec. in 1984 and 1.7G 
bit/sec. by the early 1990s. 

Relatively inexpensive frame-relay 
networks let customers connect at 
speeds from 56K to 1.5M bit/sec. (and 
in Europe, from 64K to 2M bit/sec.). 
Gigabit Ethernet, the latest version of 
the old LAN standard, supports speeds 
up to 1G bit/sec. 

Asynchronous Transfer Mode, which 
uses small, fixed-size packets called 
cells to keep any single type of data 
from hogging the line, is popular for 
transmitting video, audio and computer 
data over the same network at speeds 
from 22M to 622M bit/sec. 

And to make use of those fast public 
networks, virtual private networks use 
encryption and other security mecha- 
nisms to create a secure network that 
appears private — making WANs prac- 


| tical for any enterprise that needs them. 


And now, on with the story ...D 
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the consolidation of your three data centers into one, when word comes in that you're buying your largest 
overseas distributor, adding two more data centers to the already complex 
equation. Okay, now what? 
To stay competitive in an environment like this, you have to be able 
to react quickly and decisively in the face of sudden change. It would help 


if your infrastructure were open, resilient arid manageable enough to adapt 


when you need it to. And the only way that’s possible is if the infrastructure 


is built to work around your needs, not the other way around. 

HP OpenView—our multi-platform management software—puts 
control of your entire infrastructure within easy reach of your keyboard. 
You can visualize and monitor your infrastructure—from legacy systems to 
storage to Internet services—from one central location. Helping you preempt 
problems before they occur, cost-effectively maintain high service levels and 
protect revenue streams. 

HP infrastructure solutions—servers, software, storage, services and 
beyond—are engineered for the real world of business. Because the last time 
we checked, that’s where we all work. Call 1.800.HPASKME, ext. 246. Or visit 
hp.com/go/ infrastructure. 


Infrastructure: it starts with you. 
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Voice Over 
its Ready! 


GEORGE MALGOZA of Westye Group says his company’s VOIP system helped it 
quickly get back up and running after a flood last year. 


IP voice technology 
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sounds good enough for the enterprise. 
And it’s cheap. By James Cope 


ITH THE ROOF CAVING IN 

from a torrent of rain and 

then a gush of more wa- 

ter bursting from a water 

main and the fire sprin- 
klers, George Malgoza raced to his 
company’s wiring closet and grabbed 
the data server under one arm and the 
phone system server under the other 
and carted them to safety. 

Malgoza is vice president of finance 
and operations at Westye Group South- 
east Inc., a distributor of SubZero and 
Wolf brand kitchen appliances, so he 
instinctively scooped up items critical 
to the company’s business. 

“T ran out of the warehouse like Indi- 
ana Jones, water gushing all around... 
and grabbed two servers, one under 
each arm,” Malgoza says. 

That was on the Friday before Memo- 
rial Day last year, when a storm dumped 
2.5 inches of water on Westye Group’s 
Orlando warehouse and showroom. By 
Wednesday, Malgoza had rented tem- 
porary office space and had his phone 
and data systems up and running. 

Getting Westye Group’s phone sys- 
tem back online in such short order 
wouldn’t have been possible had he 
been using a typical private branch 
exchange (PBX) system, Malgoza says. 





| Instead, he was using a Windows 2000 
| Server-based voice over IP (VOIP) 


phone system from AltiGen Commu- 
nications Inc. in Fremont, Calif. 
Malgoza says that even before the 


| flood, his positive experience with the 


IP phone system contradicted earlier 
popular skepticism about the quality 
and reliability of the technology. 

Like Westye Group, other corporate 
users, including manufacturing com- 
pany H.B. Fuller Co. in St. Paul, Minn., 
and Archer Engineers in Lee’s Summit, 
Mo., say that earlier technology issues, 
such as echo, delay and jitter caused by 
network congestion and packet loss, 


| are things of the past. 


That’s mostly because of advances 


| in quality of service (QOS), says Kevin 


Wetzel, manager of global network ser- 
vices at H.B. Fuller. “QOS is what al- 
lows for real-time applications such as 
voice to coincide with other real-time 
and batch applications such as telnet 
and e-mail,” Wetzel explains. “Without 
this, it’s unlikely that you could ever 
provide consistency in the telephony 
environment.” 

Scalability, which some users had 
considered a problem just over a year 
ago, has also been resolved, says Wet- 
zel. And he should know: H.B. Fuller is 
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IP: 


How It 
Works 


VOIP involves converting analog voice 
signals to digital signals that can be sent 
over IP networks, using a series of soft- 
ware- or hardware-based codecs (COder- 
DECoder) specified by H.323, a standard 
set by the Geneva-based International 
Telecommunications Union. The codecs 
not only perform analog-to-digital trans- 
lation; they also compress digital signals 
so they move through the network more 
rapidly. H.323 also sets the codecs for 
video over IP. 

But translation and compression aren't 
enough. Unlike other types of data, where 
lost and delayed IP packets are eventual- 
ly collected and reassembled to create 
coherent information, voice conversa- 
tions over IP can suffer from echo, delay 
and jitter when packets don’t arrive in the 
right order or are sidetracked along the 
way. Anyone who tried early IP phone 
systems experienced the consternation 
of hearing his own voice echo back and 
the babble from one end overlapping 
what's said from the other. 

The combination of advances in QOS 
~ in which voice packets are given priori- 
ty over other packets — plus superior 
voice compression algorithms and echo 
cancellation technologies has largely mit- 
igated these problems, at least over pri- 
vate LANs and WANs. 

However, using the internet for voice 
traffic is still another matter, because 
there aren’t service-level guarantees 
for voice over the Internet, says Richard 
De Soto, vice president at Altigen Com- 
munications. 

Yet he acknowledges that because IP 
telephony is so inexpensive, some busi- 
nesses are willing to put up with iffy voice 
quality - particularly small businesses 
that make a lot of international calls. 

- James Cope 





in the process of rolling out a global 


| VOIP phone system based on technolo- 


gy from Cisco Systems Inc. As of the 


end of December, Wetzel says, his com- | 
| pany had installed 475 VOIP phones; he | 
| expects to have 3,000 phones connect- 


ed at 30 locations by May. 


Where Intelligence Resides 

VOIP phones, unlike analog phones 
wired to a traditional PBX, hook into 
an IP telephone data server through 
the same Category 5 cable that con- 
nects desktop PCs to a company’s data 
network servers. All of the intelligence 
for the phone system, including exten- 
sion numbers and individual prefer- 
ences for speed-dialing and voice-mail 
handling, resides on the phone server. 
So when Malgoza’s IT technicians 
plugged in the phones at Westye 
Group’s temporary location following 
the flood, the settings for each phone 
were instantly restored. 

Wetzel says he had considered im- 
plementing a standard PBX system. 
However, he discovered after testing 
and analysis that VOIP was not only 


| equal to switched phone systems in 


terms of voice quality and function- 


| ality but also less costly to install and 


maintain. 
In new buildings, companies need to 


| install only network cabling, Wetzel 


says; there’s no need to run special 
wiring for the phones. In those in- 


| stances, payback on the phone system 


is immediate, he says. 
Additions, moves and changes are 


| easier and less costly, too, Wetzel 
| notes, because the server automatical- 


ly recognizes the media access control 


| address of the IP phone and thereby 


sets its configuration — wherever the 
phone is located. 

Moreover, managing the phone sys- 
tem doesn’t require special staff. In a 


| VOIP system, voice is just another form 


of data riding on the same corporate 


| network as other data. Wetzel says he 


anticipates that H.B. Fuller will save 
$2 million during the next five years by 
moving to VOIP. 


Plugging Into the Net 

Mike Medsker, vice president of 
integrated solutions at Archer Engi- 
neers, is calculating his company’s re- 


| turn on investment after installing the 
| NBX VOIP system from Santa Clara, 

| Calif.-based 3Com Corp. in three build- } 
| ings at Archer’s new Missouri head- 


quarters. Medsker says he’s saving be- 
tween $1,800 and $2,000 per month 
over and above the cost of the system, 


| compared with the traditional system, 


which had 42 separate business lines 





Video Over IP 
Looking Better 


As VOIP takes hold, videocon- 
ferencing over IP is gaining 
ground, too. 

Videoconferencing systems 
have traditionally employed inte- 
grated services digital network 
(ISDN) telephone lines. But large 
companies such as Ernst & 
Young LLP in New York are mov- 
ing away from ISDN and toward 
videoconferencing over their 
wide-area data networks 

Like VOIP, IP videoconferenc- 
ing can eliminate telco-supplied 
ISDN lines, says Craig Brando- 
fino, systems director for audio 
and video at Ernst & Young. IP- 
based videoconferencing is also 
easier to set up, he says. Ernsi & 
Young has been testing Milpitas, 
Calif.-based Polycom Inc.'s Via- 
Video appliance, which plugs di- 
rectly into a universal serial port 
on a desktop computer. 

Video devices hooked to net- 


| coming into its previous location. 


In the construction business, “re- 
quests for engineering proposals and 


| bids are cyclic,” Medsker explains, 

| which meant that Archer had to have 
| enough phone lines coming in to han- 
| dle high call volumes during certain 


times of the year, although it doesn’t 


| routinely need that many. He says the 


3Com system has enabled Archer to 
eliminate multiple lines and aggregate 
calls over a single T1 line, which pro- 
vides a gateway to the public switched 
phone network as well as to the wide- 


| area network linking three of the com- 
| pany’s sites in the Kansas City area. 


Archer’s engineers frequently move 


| between offices, depending on which 
| project they’re working on at the time, 
| Medsker says. So now, instead of get- 


| ting a new phone and extension num- 


| ber, and in some cases printing new 
| business cards, an engineer simply 


plugs his phone into the network in his 


| new offices. Both the phone and the 
| phone number move with him. 


Although the full functionality of 


| VOIP may require special IP tele- 


phones that sell for $300 to $700 each, 


| Altigen, Cisco, 3Com and other ven- 


" 


worked PCs that bring videocon- 
ferencing to an individual user's 
desktop could eventually elimi- 
nate the need to provide and 
schedule special rooms in which 
to conduct videoconferences, 
Brandofino says 
He adds that IP network man 
agement tools such as Polycom’s 
global management system have 
improved over the past year or 
two, thus enabling network man- 
agers to control who can initiate 
a videoconference and when. 
“The management system 

automatically recognizes the 
[ViaVideo units] when they're 
plugged in,” Brandofino explains 
“The network manager can lock 
down the desktop interface to 
keep users from going off and 
making a 1M-bit video phone 

| call without first receiving autho- 

| tization.” 

| - James Cope 


dors have made provisions for con- 
necting existing analog phones. Ali- 
gen’s server has an analog gateway 
built into the server. 3Com uses special 
| adapters that go between the phone 
| and the network. Cisco’s system cross- 
| connects to existing PBX systems, as 
do those from Avaya Inc. in Basking 
| Ridge, N.J., and Nortel Networks Corp. 
| in Brampton, Ontario. 
Will VOIP systems be more widely 
deployed during the next year or so? 
Probably, say analysts and IT managers 
who have examined the state of the 
technology — at least in new office 
| buildings or where companies are doing 
| major upgrades to their phone systems. 
| But don’t expect corporate America to 
| start ripping out those old, faithful PBX 
| systems en masse — especially those 
| that are paid for and work just fine. D 


' Online Exciusive 
Lego Systems Inc. elected to upgrade its 

| Avaya PBX system to support VOIP, but some 

technical issues must first be resolved before 
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A Fortune 100 company is build- | 
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ing an IP voice/data network 
that could be a role model for 
other users. By Joanie Wexler 


HERE’S A GOOD CHANCE that 
The Dow Chemical Co.’s 
new IP converged network 
will be remembered as the 
industry milestone that fi- 
nally got the IP telephony 

ball rolling. The $30 billion global 

company is building a 50,000- 

user integrated IP voice/data 

network. 

In partnership with out- 

sourcer Electronic Data Systems 

Corp. and network equipment giant 

Cisco Systems Inc., Midland, Mich.- 

based Dow has completed a pilot of its 

converged network, DowNet, at select- 

ed sites across four continents. Nearly 

all 450 Dow sites in 35 countries 


VOIP Trail 


| 
| 


should be operational by the end of the 
second quarter, says Ray Warmbier, 
DowNet program manager. 

Voice over IP (VOIP) is a hot topic 
of discussion, but large installations 
are scarce, particularly in the U.S. Yet 
Dow is making a wholesale, pioneering 

commitment to the technology. 
In fact, the size of DowNet is 
matched only by Cisco’s own 
worldwide VOIP network. 
“People will watch this rollout 
carefully,” predicts Larry Hettick, an 
Alameda, Calif.-based independent 
telecommunications consultant who 
specializes in packet network conver- 
gence. “Dow’s adoption of IP telepho- 
ny provides serious evidence to other 





enterprises that VOIP might finally be 
ready for prime time.” 

Why take the plunge? It would seem 
tough to justify a global network over- 


| haul during a recession. But most of 


Dow’s existing circuit-switched private 
branch exchanges (PBX) were very old 
and were running different software 
versions, explains Warmbier. “Some 
were upgradable and some weren't. 
Getting our old PBXs upgraded, re- 
placed and standardized on a global 
scale would have cost us a great deal of 
money,” he says. 

Rather than continuing to invest 
heavily in legacy technology, Dow 
turned to IP telephony. It’s replacing 


; circuit-switched PBXs with Cisco Call- 


Manager IP PBX server software, 
which runs on standard PC operating 
systems and hardware. Multiservice 
routers at Dow sites will shuttle both 
IP telephone calls and data packets 
across a common IP virtual private 
network (VPN) delivered by Equant, a 
global wide-area networking services 
provider based in Amsterdam. 

The IP VPN service is built on Mul- 
tiprotocol Label Switching technology, 
which brings quality of service and 
privacy to IP networks. The Equant IP 
VPN replaces a mix of frame relay, 
Asynchronous Transfer Mode and oth- 
er wide-area network services at Dow. 
Plano, Texas-based EDS is installing 
and managing the entire project and is 
responsible for delivering on contract- 
ed telecommunications service levels. 


Savings, Ease of Use 

Warmbier says savings will come 
partially from bypassing the public 
switched telephone network in many 
non-U.S. sites where phone calls are 
expensive. In addition, he says, upgrad- 
ing and changing standard IP- and PC- 
based systems is easier than relying on 
a PBX vendor to change its proprietary 
telephony software. 


aZes 
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Dow Chemical Co. 


® Business: The No. 2 chemical company in the U.S. 
Aworld leader in the production of plastics, chemicals, 
hydrocarbons and herbicides and pesticides. Merged 
with Union Carbide Corp. on Feb. 6, 2001. No. 78 on the 
Fortune 500 list. Known as the maker of Styrofoam 

@ Net sales (2000): $29.5 billion 

@ Net income (2000): $ 1.7 billion 

® Top IT executive: David E. Kepler, corporate vice 
president for electronic business and ClO 





SOURCES: HOOVERS.COM, DOW.COM 


This network is important to Dow’s 
acquisition strategy. “We want to be 
able to bring new users from acquired 
companies into Dow work processes as 
quickly as possible,” Warmbier says. 

Dow’s ambitions also include de- 
ploying new IP-based multimedia ap- 
plications. The installation of regional 
Web-based call centers, for example, is 
expected to improve customer service 
through real-time, multimedia collabo- 
ration between call agents and Dow 
customers. 

Dow is also running unified messag- 


| ing, whereby users can access voice, 


e-mail and fax messages from a Micro- 
soft Exchange in-box. The Radicati 
Group Inc., a research firm in Palo 
Alto, Calif., estimates that unified mes- 
saging provides a productivity gain of 
about 25 minutes per user per day. 

Dow also plans to make use of 
IP/TV, a Cisco capability for delivering 
corporate webcasts. “Many of our se- 
nior managers want to communicate 
globally with their people on a regular 
basis, and this is a very efficient way to 
do it,” says Warmbier. 

One reason enterprises have been 
leery of migrating to VOIP is that they 
aren’t convinced of an IP network’s 
ability to guarantee application perfor- 
mance when voice and data — which 
have inherently different network per- 
formance requirements — coexist. 

“At this point, the service we're get- 
ting with our [IP] phones is on a par 
with what we get with our [traditional] 
phones,” says Warmbier. “But we did 
have to work hard on tuning the 
routers to eliminate echo on the line. 

EDS is responsible for configuring 
the routers to classify, mark and priori- 
tize Dow’s voice, data and video traffic 
and then coordinating with Equant to 
make sure the network provides the 
high levels of service quality required 
by the contract. D 





Wexler (joanie@jwexler.com) is an 
independent IT and networking writer 
and analyst in Campbell, Calif. 
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Cost-Cutters 


Keeping a sharp 
eye on band- 
width, invoices 
and contracts can 
trim your WAN 
bills downto size. 
By Mitch Betts 


MPLOYEES BUY THEIR Own 

cell phones and rate plans to 

suit themselves. No one ever 

has time to check those 

stacks of telecommunications 

bills that arrive monthly. 
Bandwidth grows uncontrollably, and 
contracts signed several years ago just 
sit in a file cabinet. 

If this sounds like your IT shop, 
there’s room for some cost-cutting 
improvement. The first step: Get 
“visibility” into your wide-area net- 
work, contracts and invoices, because 
you can’t manage what you can’t see. 

For example, Hold Brothers On-Line 
Investment Services Inc. installed 
WAN monitoring tools from Westford, 
Mass.-based NetScout Systems Inc. to 
“give us visibility into what was flow- 
ing over our network,” says Chris 
Lukas, chief technology officer for 
emerging technologies at Jersey City, 
N.J.-based Hold Brothers. 

The monitoring allowed the online 
stock brokerage to identify and clean 
up network inefficiencies, which saved 
so much bandwidth that it didn’t need 
to install additional T1 lines. Hold 
Brothers was able to save $1.1 million 
per year. 

Computerworld asked networking 
managers, analysts and consultants to 
suggest other ways to trim the fat. 


Money-Saving Tips 

® Go online to purchase used networking 
equipment for as much as 75% off list 
price from Web sites such as those of 
eBay Inc. and uBid Inc. (Maybe it was 
hardly used by a failed dot-com!) 

® Renegotiate for new discounts on hard- 
ware every time you sit down witha 





vendor, even if you got a discount last 


| year. Companies that fail to make their 
| incumbent vendors compete for busi- 

| ness often miss out on discounts of 

| 50% or more. And make the used- 

| equipment prices a benchmark for 


negotiations. 

® Exploit the fierce competition in the re- 
seller channel. Instead of buying direct- 
ly from the vendor, you can get a better 
deal on the vendor’s gear from a value- 


| added reseller or a systems integrator. 


@ Consider outsourcing certain WAN 


| services, such as global remote-access 


capability (see story, page 50), e-mail 
management or Web hosting of static 
pages. This can reduce the need to 
add IT staff. But large-scale outsourc- 
ing doesn’t work for fast cost-cutting 
because big deals require a lot of 
due diligence and upfront admin- 


| istrative costs — and the savings 





won't show up for 12 months. 

® Hand out discount long-distance calling 
cards to your heavy travelers. Sam’s 
Club, for example, has prepaid cards at 
the incredibly cheap rate of 3.47 cents 


| per minute. 
| @ Eliminate “maverick buying” of cell 


phones and rate plans. Negotiate a mas- 
ter contract, which typically saves $20 
to $30 per month per employee. A 
company with 1,000 mobile workers 
can save $250,000 to $350,000 per year. 
@ Use a bandwidth management appliance 
to monitor traffic flows and place limits 
on band width-hogging applications. 
Crack down on personal use of the In- 
ternet, especially bandwidth-intensive 
activities such as downloading movie 
trailers and screen savers or swapping 
music files. 

@ WAN managers should issue a request 
for proposals to multiple bidders. Never 





automatically renew or extend the 
length of current contracts with pro- 
viders. Contracts for transport services 
shouldn't be longer than three years. In 
many cases, a two-year term, or even 
12 to 18 months, is preferable. 

@ Check your carrier contract for a “busi- 
ness downturn clause,” which allows 
you to decrease the amount of services 
you pay for if you close 10 out of 25 of- 
fices, for example. 

& Use intelligent data service unit/channel 
service unit devices that measure actual 
usage of frame-relay circuits to see if 
you have overprovisioned your frame- 
relay network. 

@ Have your telephone bills audited every 
18 to 24 months to find overcharges and 
billing errors, such as a canceled Tl 
line that’s still showing up on the bill. 
However, hiring a bill auditor may be 
an unnecessary expense if your inter- 
nal staff regularly reconciles bills and 
finds errors on its own. If staffers do 
this, you won’t have to share half the 
savings with the auditor. 

® Stop paying for network services that 
aren’t used. One of the must useful sta- 
tistics from network monitoring is the 
“zero activity report.” There may be a 
good reason why some network ser- 
vice wasn’t used in a particular month, 
but it still bears investigation. 

@ Consider metropolitan-area networks 

if your organization has two or more 
sites in one large city (see story, 

page 44). 

@ Users of Ti lines should consider moving 
to frame relay, and users of frame relay 
should consider moving to a virtual 
private network, according to conven- 
tional wisdom. 

@ But conventional wisdom can be outdat- 
ed, too. One IT manager saved money 
by switching from an expensive frame- 
relay setup to point-to-point leased 
lines, which have dropped sharply in 
price. So re-examine old assumptions 
about what’s cheaper. D 


Tipsters 


The following industry experts provided 
the various cost-cutting suggestions: 
Frank Dzubeck, president of Communications 
Network Architects Inc. in Washington 

Jack Heine, an analyst at Gartner Inc. in Stamford, 
Conn. 


Gail Joerger, director of corporate marketing at 
QuantumShift Inc. in Novato, Calif. 

Chris Lukas, chief technology officer for emerging 
technologies at Hold Brothers On-Line Investment 
Services Inc. in Jersey City, N.J. 


Lisa Pierce, an analyst at Giga Information Group 
Inc. in Cambridge, Mass. 


Steven Taylor, president of Distributed Networking 
Associates Inc. in Greensboro, N.C. 
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KEVIN FOGARTY 


Don't Plunge 
Into VOIP 


But at my back, I always hear 
Time’s winged chariot hurrying near; 


And yonder all before us lie 


Deserts of vast eternity. 


— “To His Coy Mistress,” by Andrew Marvell, 1681 


always loved that verse, partly for | — buy now or the pace of change will 


its metaphysical beauty, but more 


for the misuses to which it’s put. 
Can it be seen as a poignant ad- 
monition to not waste a moment 
of your short life and to, instead, 
leap at every new oppor- 
tunity that life offers you, as 
the writers of high-tech ad 
copy would have you think? 
Well, yeah, kind of. But it was writ- 
ten as a seduction poem, one of a 
whole class of verse ostensibly created 
to persuade 17th century lasses to say 
“yes” to more things than would really 
be wise. 
In the IT world, that same argument 


om 


leave you behind — is applied to what- 
ever technology is hot at the moment. 
Voice over IP (VOIP), for example, 
has been something of a perennial 
suitor whose fussy nature has pushed 
it back into the pack of tech- 
nologies vying for the CIO’s 
attention, despite its poten- 
tial. The quality of service it 


| delivers has been improving, however, 


and new VOIP router packages from 


| Cisco and others are making VOIP 
| nearly practical enough to fall for. 


It has its attractions, after all, though 
they’re largely unproven. If you can 


| replace your old PBXs with newer 





equipment that will make your old 
network do double duty as a voice 
carrier, you not only cut the volume 
and cost of your phone traffic, but you 
also eliminate the need to support both 
voice and data networks, while adding 
functions like unified messaging and 


Evolution, Not Revolution 

Gartner Inc. expects most compa- 
nies to begin a migration to IP-based 
telephony between 2003 and 2005, but 
it loudly warns that VOIP 
“remains an emerging, 
evolving technology, and 
the transition to it will 
come gradually, despite at- 
tempts by Cisco and oth- 
ers to talk up the market.” 

VOIP still lacks impor- 
tant features like security 
measures that can ensure 
that your IP calls aren’t 
being intercepted as well 
as simpler functions, such 
as the ability to look some- 
one up and initiate an IP- 
based call. 

Enum, a protocol final- 
ized by the Internet Engineering Task 
Force more than a year ago, is an at- 
tempt to solve that problem by offer- 
ing a standard way to build directories 
that list IP telephony and e-mail ad- 
dresses plus fax and cell phone num- 
bers within IP-based networks. Anoth- 
er developing specification, Session 
Initiation Protocol, is designed as a 
standard way to signal the start of a 
VOIP phone call or chat session. 


| 
Web-based call centers. 
| 


KEVIN FOGARTY is a 
former editor at 
Computerworld. 
Contact him at 

kevinjfogarty@yahoo.com. 
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Without systems like those and 
directories that use them, it can be 
difficult to identify whether a call has 
to be routed through a traditional PBX, 
a VOIP gateway or over the network 
to a phone your router knows is con- 
nected by VOIP. 

In addition to the technical limita- 
tions of VOIP, the way in which ven- 
dors sell it is nonstandard enough that 
users who don’t go through a rigorous 
(read: slow) competitive analysis and 
request-for-proposal process risk pay- 
ing 25% to 60% more for 
VOIP systems than they 
should, Gartner warns. 

Still, a migration to 
voice over IP makes sense. 

But only when you, and 
your network, are ready 
to deal with the new prob- 
lems that wiil, inevitably, 
pop up. Among other 
things, if you already get 
enough complaints about 
the reliability of your data 
network (justified or not), 
why up the ante by putting 
voice traffic on the same 
backbone? 

Better to focus on the basics and 
make sure the network itself is stable 
by upping your bandwidth and stability 
using optical Ethernet or other solid 
networking technology that may be 
less sexy than VOIP, but infinitely less 
flighty as well. 

There is, after all, a limit to how far 
you should twist the purpose for 
which anything was designed, without 
redesigning it first. D 
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Corporate WAN 
Technologies 


Since 1995, frame relay has come into its 


Ne 


wide-area network traffic. 


own as a mass-market business service 


Frame relay ee A8% 


Private line ee 15% 


IP-based VPN fj 752% 
am | 6% 
ison | 2.4% 
Other ca 144.6% 


Base: Survey of 400 U.S. wide-area network managers. 


tes in their WAN 


asked which technology domi 


Don't know 


| 
Will integrate 
voice and 
data over 
backbone 
only 


Base: 400 wide-area network managers 


FRAMINGHAM, MA’ 


twork Snapshots 


Voice/Data Integration 


Asked about their plans 12 months out, many companies 
say they have no intention of integrating voice and data 


The Nightmares 
152 IT managers identified the following 
items as their worst nightmares about 


network equipment: 


= Human error 


No plans to 
integrate voice 
and data traffic 


= Security breaches 
= Server failure 


= Power outages 


= Poor service from outside providers 
= Natural disasters or other catastrophes 
® Staffing problems 


Will integrate 
voice and data 
over backbone 
and access lines 


8 Inability to anticipate, avoid or 
respond to network downtime 


= Adverse effects of downtime 
on company operations 
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They're fast. They’re optical. And 


metropolitan-are 


4 networks are 


eaining ground against traditional 
carrier services. By James Cope 


HEN DAN BRINDELL, 
director of network 
engineering at ACTS 
Retirement-Life Com- 
munities Inc. in West 
Point, Pa., looked for a 
way to connect multiple locations over 
the same network, he considered using 
frame relay or leasing optical fiber. But 
at 256K to 512K bit/sec., frame relay 
was too slow for the IP videoconfer- 
encing system Brindell wanted to im- 
plement, and leasing “dark fiber” on 
his own was prohibitively expensive. 
So he turned to San Francisco-based 
Yipes Communications Inc. to set up a 
metropolitan-area network (MAN) 
connecting eight sites in the Philadel- 
phia area over optical Ethernet. 
Although telecommunications carri- 
ers have had fiber circling big cities for 
years, the MAN is a relatively new 
phenomenon. It began a few years ago 
with a new breed of service provider 
that now includes Yipes, Telseon Inc. 
in Englewood, Colo., and Cogent Com- 
munications Inc. in Washington. 
They’ve tracked down dark fiber — 
optical fiber that was already in the 
ground but largely unused — and lit up 


large optical Ethernets in several cities. 


MANs fulfill critical needs for net- 
work managers, says John Mazura, an 
analyst at Gartner Inc. in Stamford, 
Conn. Respondents to a Gartner sur- 
vey of 150 enterprise users listed opti- 
cal Ethernet and bandwidth capability 
as top priorities, he says. 

Other users agree with Brindell on 


the viability of Ethernet MANs for fast, 


scalable connections. Chicago-based 
law firm Freeborn & Peters uses a 


| Yipes MAN to connect to the Internet. 
Incyte Genomics Inc., one of ‘Telseon’s 


first customers, blasts data at 1OOM 


| bit/sec. over its MAN to a data center 

| 18 miles away. And Rudin Management 
| Co., a New York-based real estate man- 
| agement firm with a key building near 


the World Trade Center, was able to 
keep communications up and running 
in the aftermath of the Sept. li terrorist 


| attacks by connecting with Cogent’s 
| MAN (see “MAN Replaces T1 in Disas- 
| ter Aftermath,’ 


next page). 
It’s even possible to link two metro- 

| politan networks for a MAN-to-MAN 
connection. That’s what Calpine Corp., 
a wholesale electricity producer in San 
Jose, is doing, thus creating what Yipes 
calls a national-area network (see 

| “MAN-to-MAN Coverage,” next page). 


How It Works 


@ The service provider leases optical fiber 
traversing a metropolitan area. 


@ Separaie fiber-optic lines connect buildings 
along the provider's main fiber route to the city- 
wide network. 


@ Enterprise customers hook into the MAN via 
a Gigabit Ethernet switch that the provider in- 
stalls on customers’ premises. 


@ Customers can increase their bandwidth 
across the MAN as required up to one 16 bit/ 
sec., usually in increments of 2M to 5M bit/sec. 


@AMAN employs Ethernet network standards 
for simplified connection to existing LANs. 


@ However, MANs aren't available in many 
metropolitan areas, especially smaller cities. 
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DAN BRINDELL, director of 
DNase ne Lt 
ACTS Retirement-Life Com- 
munities, says a MAN is fast, 
scalable and cost-effective. 


MAN onth 








COMPUTERWORLD January 21, 2002 KNOWLEDGE CENTERS N 


But in some locations, MAN pro- 
viders haven’t yet set up shop; in oth- 
ers, a Single provider would have a 
hard time finding enough dark fiber. 
So some organizations have had to be 
creative. For example, packaged goods 
giant Procter & Gamble Co. built its 
own MAN connecting seven campuses 
in its home city of Cincinnati. And the 
city of Chicago is in the early stages of 
a 10-year project to build an optical 
network for local government, busi- 
nesses and institutions [News, Jan. 7]. 

Gartner’s Mazura says MANs have a 
leg up on frame-relay, T1 and T3 lines 
by virtue of their bandwidth-on-de- 
mand capabilities. Enterprises can sub- 
scribe to a MAN service in increments 
of 2M to SM bit/sec. Telseon officials 
say users can turn up bandwidth in a 
few seconds via a Web-based control 
screen. Yipes says it can turn up band- 
width in an hour. And users say that 
throughput of up to 1G bit/sec. across 
MANs is possible. 

Plus, it’s all Ethernet, the standard 
on which most LANs are based. That’s 
a big deal for enterprise users, Mazura 
says, because “now you can plug that 
directly into your RJ45 port instead of 
buying multiple T1 cards.” 

Using traditional connections, users 
can add more T] lines as needed or go 
to a T3, but there’s really no middle 
ground between the two, Brindell says. 

Bob Lynn, director of technology at 
Freeborn & Peters, disagrees. He uses 
a burstable T3 line from Level 3 Com- 
munications Inc. in Broomfield, Colo., 
for his firm’s Internet access. The T3 
ordinarily runs at 3M bit/sec., but it 
can automatically burst up to 45M 
bit/sec. when traffic demands it 

“Level 3 samples the [bandwidth] 
rate every five minutes,” Lynn ex- 
plains. “As long as it’s 3M bit/sec. or 
under, we pay our regular rate of 
$3,200 per month.” He says Freeborn 
& Peters can burst 10% beyond the 
3M bit/sec. threshold without incur- 
ring extra costs. 

But Lynn hasn't put ali of his firm’s 


Run 





Internet eggs in one basket. He’s also 
established a relationship with Yipes 
and hooks into that provider’s Chica- 
go-area MAN for a redundant route to 
the Internet. The Yipes service costs 


| Freeborn & Peters $3,200 per month 


for a set bandwidth of 5M bit/sec. Lynn | 


says he can increase that to 10OM 
bit/sec. or more with a phone call. 

Philip Kwan, associate director of 
network operations at Incyte Ge- 
nomics, has a different view. His firm 
supplies massive amounts of data to 
human genome researchers at private 
labs and universities. Kwan says a 
burstable T3 line for Internet connec- 
tions could be financially disastrous if 
several customers — each sometimes 
downloading 1SOMB for a single data 
update — were to log on concurrently. 
“I could have a $30,000 bill coming for 
a month’s service,” he says. 

But Kwan says he allayed his fears of 
high bills and resolved his massive 
bandwidth requirements by using a 
MAN between Incyte’s headquarters 
in Palo Alto, Calif., and its data center 
in Santa Clara, Calif. The Ethernet link 


runs over Telseon’s optical MAN infra- | 


structure at 100M bit/sec. “We have 
1,400 to 1,600 servers, and we update 
multiple gigabytes of data on these 
every two weeks,” he says. 

Still, MAN providers are constrained 
by the availability of existing optical 
fiber in metropolitan areas — no fiber, 
no MAN, says analyst Barry Moon at 
RHK Inc., a research firm in South San 
Francisco, Calif. If the economy re- 
mains tight, fiber infrastructure suppli- 
ers may not want to lay more fiber, 
thus putting a ceiling on the near-term 
growth of MAN providers. D 


Online Exclusive 


The city of Chicago is in the request-for-propos- 
al phase of its massive MAN project. Find out 
which vendors are vying for the job - and why, 
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MAN-to-MAN Coverage 


A year ago, Calpine Corp. connected 
three of its sites in downtown Houston 
with a 3M bit/sec. Asynchronous 
Transfer Mode (ATM) network from 
AT&T Corp. However, the power com- 
pany needed more bandwidth and 
elected to change to a native Ethernet 
connection from MAN service provider 
Yipes. 

The Yipes service in Houston typi- 
cally operates at Fast Ethernet speeds 
of 100M bit/sec. But Sean Curry, 
Calpine’s chief network engineer, 
says that Yipes - upon request - can 
increase the bandwidth capacity to up 
to 16 bit/sec. in about an hour. 

The ATM link through AT&T was 
costing his company 10 times more 
than what it now pays Yipes, according 
to Curry. 

And now Calpine is preparing to 
push Ethernet connectivity even 
further. 

Curry says he will soon begin tests 
to determine the viability of an Ether- 
net-compatible network link between 
Calpine’s data centers in San Jose and 
Houston. 

The current connection between 
the two sites is a 3M bit/sec. private 
virtual circuit made up of two T1 lines, 
Curry explains. He says he hopes that 
by extending the Yipes service, he can 
eventually connect the two data cen- 
ters at speeds of up to 1G bit/sec. 

Tim Weis, an analyst at TeleChoice 
Inc. in Tulsa, Okla., says Ethernet for 


MAN connections - and for even 

| longer hauls - is an up-and-coming 
| technology that in some instances 

| could displace traditional ATM and 
frame-relay services. 

“What's really driving Fast Ethernet 
| and Gigabit Ethernet is the reduction of 
complexity,” Weis says. “Frame relay 
| and ATM simply don't match up real 
well with LAN speeds [of 10M bit/sec. 
and higher].” 

Plus, he notes, the ability to run a 
| single standard, Ethernet, across the 
| whole connection enables companies 
to create virtual LAN services across 
| the WAN. 

“You can sit in your office in Hous- 
ton, and you won't notice or care if 
| your resources are in San Jose, for ex 
ample,” Weis says. 

Although Yipes’ Ethernet service 
| has worked well between buildings, 
Calpine doesn’t plan to fully implement 
| the faster link between its sites right 
away, Says Curry. 

“If everything works as planned, 
| we'll implement it in the fourth quarter 
| of this year,” he says. 

“| would like to see a 100M bit/sec 
| link between here and San Jose,” says 
| Curry. “Even if | had just a 45M bit/sec 
| link, | could take this to a gigabit in a 
| matier of hours.” 
“You can’t get even get someone 

from [the phone company] in an hour,” 

| Weis says. 





- James Cope 


Metro Net Replaces T] 
In Disaster Aftermath 


When disaster struck the World Trade 
Center on Sept. 11, New York-based 
Rudin Management Co. lost the T1 line 
connecting its 345 Park Ave. head- 
quarters to its facilities at 32 Avenue of 
the Americas. 

Joe Idler, the company's vice presi- 
dent of IT, says he figured it might take 
weeks to restore the real estate man- 
agement firm’s T1 line. 

So instead of waiting, he asked 
Cogent Communications, which was 
already providing Internet access 
via its MAN to Rudin’s Park Avenue 
location, to see if the company could 
also connect the Avenue of the Ameri- 


| cas site to the MAN. 
| — Much to Idler’s relief, Cogent had 


| the two sites up and running on the 


| 100M bit/sec. MAN in less than a 
| week. 
Idler says he has also connected a 


| third site into the Cogent MAN, creat- 

| ing not only a fast network for day-to- 
| day activities, but also one that should 
| be able to survive any future disasters 


He says the fiber-optic network 
tuns in a ring around Manhattan. “If 
| there's a break in the ring, traffic is 
| routed the other way [away from the 
break],” Idler explains. 
- James Cope 
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Optical Networking 


BY RUSSELL KAY 
EMEMBER THOSE 
World War II Navy 
movies where a 
sailor on one ship 
signaled to another 
by flashing Morse code with a 
large, shutter-equipped spot- 
light? The receiving ship then 
flashed the same message to 
the next ship in the fleet. 
That’s digital optical transmis- 
sion, and it’s essentially how 
an optical network works. 

Replace the spotlight with a 
laser, the Morse code with a 
transmission protocol, the 
shutter with switching circuit- 
ry, the air between the ships 
with glass fiber, and the re- 
ceiving ship in the middle 
with an optical repeater. The 
result is totally different yet 
fundamentally similar. 

After decades of develop- 
ment, optical networks have 
emerged as feasible alterna- 
tives to traditional copper ca- 
bling or wireless networks, 
offering much greater capaci- 
ty and higher transmission 
speeds along with the ability 
to handle multiple simultane- 
ous transmissions. The first 
main market for optical net- 
working will be traditional 


telecommunications networks. 


Why Optical? 

Two words explain the trend 
toward optical networking: ca- 
pacity and speed. Today, a good 
Category 6 copper network ca- 
ble can carry a single data trans- 
mission at a rate of 1G bit/sec. 
An optical fiber as thin as a hu- 
man hair can handle multiple 
transmissions simultaneously 
at speeds of more than 10G 
bit/sec., and it’s getting faster. 

Several factors contribute to 
the differential. Light travels 
many times faster than elec- 
trons, and photons don’t inter- 
fere with one another the way 
electrical signals do. 

At the heart of optical net- 
working is optical fiber, which 
consists of a narrow thread of 





DEFINITION 


Optical networks transmit data 

by sending laser light through 
filaments of glass fiber; this dis- 
tinguishes them from traditional 
networks, which transmit electri- 
cal signals along copper wires. 
Although optical hardware and 
transmission media are more 
expensive, they can handle far 
higher capacity loads at signifi- 
cantly faster speeds. 


glass — actually pure silicon 
dioxide — that’s been clad 
with another glass that has a 
different index of refraction. 

A light signal introduced into 
the central fiber is reflected off 
the edges of the fiber as it trav- 
els along its length and thus 
doesn’t disperse or scatter. Still, 
impurities in the fiber eventu- 
ally absorb some fraction of 
the light, causing signal degra- 


dation. This requires the use of 


AT A GLANCE 


Further 
Reading 


www.lightreading.com/ 

A primary source for news and back- 
ground information on all aspects of 
optical networking 


www.osa-jon.org 
This is the newly begun Journal of Optical 
Networking (first issue, January 2002). 


Mind at Light Speed: A New Kind 
of Intelligence, by David D. Nolte 

(The Free Press, 2001). An excellent 
and highly readable introduction to how 
optical communication works, as well as 
how it will be used in the future for com- 
puting and transmission 


Understanding Optical Communica- 
tions, by Harry J.R. Dutton (Prentice Hall 
PTR, 1998) 





repeaters that receive a signal 
and amplify it before sending 
it over the next fiber segment. 

In the 1970s, fiber losses 
amounted to about 20 decibels 
per kilometer — a loss of about 
99% of the signal. Today’s fiber 
technology has losses of 0.2 to 
0.3 decibels (5% to 7%) per kil- 
ometer. This allows fiber seg- 
ments of up to 100km or more, 
making optical fiber economi- 
cal over very long distances. 
There’s at least one fiber-optic 
trans-Atlantic undersea cable 
currently in operation. 

Another needed element of 
optical networking is the co- 
herent light produced by a 
laser that can rapidly turn on 
and off. LEDs have an upper 
limit on the optical signals they 
can create of around 300M bit/ 
sec., while lasers are currently 
operating at 10G bit/sec. and 
should be able to go much 
faster still. 

Current optical networks 
use electronic transmitters 


| and repeaters to amplify a sig- 


nal. The conversion of light to 


| electrons and back again is a 


limiting factor. Future genera- 
tions of all-optical networks 
using tunable lasers that are 
able to emit several discrete 
frequencies will help elimi- 


| nate this conversion require- 
ment and its overhead. 

Another key to high capacity 
is the use of wavelength divi- 
sion multiplexing, in which dif- 
ferent signals are assigned to 
different wavelengths (colors) 
of light. This allows many 
channels to be transmitted si- 
multaneously — the transmis- 
sion of more than 1,000 con- 
current wavelengths has been 
demonstrated in the laboratory. 

One final piece of the opti- 
cal networking puzzle is Syn- 
chronous Optical Network 
(Sonet), a standard for connect- 
ing fiber-optic systems to exist- 
ing digital carriers. This ANSI 
standard defines how data 
streams at different rates can 
be multiplexed. Sonet estab- 
lishes optical carrier (OC) lev- 
els ranging from OC-1 at 51.8M 
bit/sec. (about the same speed 
as a T3 line) and running up to 
OC-768 at 40G bit/sec. Sonet is 
used in the U.S., Australia and 
Japan. A nearly identical Inter- 
national Telecommunications 
Union standard, called Syn- 
chronous Digital Hierarchy, is 
used in the rest of the world. 

One important thing to keep 
in mind is that optical net- 
working is primarily a back- 
bone, wide-area technology. 
Optical LANs will certainly 
appear, but in the near future, 
most installations will use ex- 
isting copper wire to make the 
final jump from the optical 
WAN to the LAN, the home 
or the end user. Still, for the 
high-speed, high-capacity net- 
work of the future, you're cer- 
tain to find optical fiber at its 
core. It gives a whole new 
slant to terms like bandwidth 
and broadband. D 


Online 
Exclusive 


For a list of standards pertaining to 
optical networking, visit the Compui- 

7 erworld Web site: 
Quick www.computerworld. 
Dnk@ Bai 





@ Are there technologies or issues you would like to learn about in QuickStudy? Please send your ideas to quickstudy@computerworld.com. 
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Elements of 
An Optical 
Network 
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to light and emitted 
by a laser... 
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a fiber-optic cable. 


A repeater receives 
the signal... 
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to electrons ... 
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back to light. . . 
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HaimeraadMisMerpte | AN Unexamined network isn’t 
wsvedatoicatcimes | WOTth the risk. Watching for appli- 
IT professionals, on the 


other hand, mustunravel_ | CQtioN bottlenecks with monitor- 


| the mysteries of performance and 


| availability for networked applications. ing software Can keep users hap NV 


| Brian Whitehead, vice president and 
| chief technology architect at Standard ‘ d st x d B Mz k H: | 
| & Poor’s, says the problem is so com- an) COS S OWT}. Vv ar a 
plex that until last May, he had eight 
people working full-time to monitor a 
network of Sun Solaris servers that de- 
livered critical financial information 
over the Internet to his company’s cus- 
tomers 

“Ours is a mission-critical Web site,” 
he points out, “given that virtually all 
the money we generate is by these 
Web services.” 

For Standard & Poor’s, a $1.2 billion 
division of The McGraw-Hill Cos. in 
New York, if the availability or perfor- 
mance of a networked application falls 
below what’s specified in service-level 
agreements (SLA) with customers, it 
costs the company money. So having 
such a large staff to proactively moni- 
tor and manage the software seemed 
like a good investment. But manual 
oversight was clearly expensive. And 
what was worse, from Whitehead’s 
perspective, was that it was inefficient. 

“It was problematic and not very 
thorough,” he recalls. 

In May, however, the company in- 
vested in Topaz, a monitoring and 
management product from Mercury 
Interactive Corp. in Sunnyvale, Calif. 
Although Topaz “is one of the more 
expensive solutions out there,” given 
the importance of the applications it 
monitors, Whitehead says, it’s worth 
every penny. 

Standard & Poor’s has written 60 
| custom scripts — 40 in the first two 
weeks it had the product — that ob- 
| serve everything from whether an ap- 
| plication is available to the timeliness 
of the information being delivered 
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across the Web. For example, if Topaz 


discovers that a stock price hasn’t been | 
updated recently, it alerts an editor that 


the content needs to be refreshed. 

The software also stress-tests the ap- 
plication over the Internet. “It lets us 
impersonate our customers by pound- 
ing on [Web] pages every minute,” says 
Whitehead. 


Imitating the User 


For Joe Romello, CIO and vice presi- 
dent of engineering at Global Sports 
Inc. in King of Prussia, Pa., mimicking 
user behavior does more than help him 
determine availability; it helps him 
plan for network capacity and server 
workloads. 

Global Sports runs the Web busi- 
nesses for many brick-and-mortar 
firms, Romello says. For example, it 
licenses San Francisco-based Blue- 
Light.com LLC’s name from Troy, 
Mich.-based Kmart Corp. and not only 
runs BlueLight’s Web site but also 
maintains a warehouse, delivers prod- 
ucts to shoppers and integrates its op- 
erations with store systems so cus- 
tomers can return goods in person. 

“Customers and even store employ- 
ees can’t tell that BlueLight.com is run 
by a separate company,” Romello says. 

To earn that level of trust from 
Kmart and dozens of other companies, 
Global Sports signs SLAs that guaran- 
tee application availability and user re- 
sponse time. And it uses agreed-upon 
metrics provided by the Red Alert ser- 
vice from Keynote Systems Inc. in San 
Mateo, Calif. 

Keynote has a program installed in 
60 USS. cities that tests the availability 
and round-trip response time of Inter- 
net-based applications for its users. 
Global Sports subscribes to a Keynote 
service that mimics user behavior via 
scripts that do everything from send- 
ing page requests to ordering products. 

Romello says Red Alert’s reports 
have been instrumental in maintaining 
SLA requirements during crises. Once, 


| historical data Romello 





when a fire in a Baltimore tunnel 

knocked out a major Internet connec- 
tion last year, Romello got enough of a 
warning to be able to reroute network 


| traffic farther west. 


Equally important, he 
says, is that Red Alert 
helps him plan load-bal- 
ancing and network ca- 
pacity priorities. For ex- 
ample, Global Sports 
works closely with 
Kmart marketing man- 
agers who often run re- 
gional promotions that 
create traffic spikes on 
BlueLight.com. With the 
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® Red Alert 


gets from Red Alert, he’s 
able to anticipate how 
much extra server or 
communications capacity 
will be needed to handle the increased 
traffic. 

“Red Alert lets us watch the Internet 
weather,” Romello says. “If AOL is 
backed up, it’s like Chicago affecting 
air traffic.” 


= Topaz 


| Verifiable Metrics 


Rick Sturm, an analyst at Enterprise 
Management Associates Inc. in Boul- 


der, Colo., and author of Foundations of , 


Service Level Management (Sams Pub- 
lishing, 2000), says it’s essential to 


| build third-party metrics into an SLA 


with a service provider. 
“Can you trust a service provider to 


| honestly measure the service and sup- 


port?” he asks. “In some cases you can, 
in some not.” 

Sturm says many users are naive 
about SLAs and don’t ask for indepen- 
dent verification of metrics in a con- 
tract. But they should, he says. 

Vericenter Inc., a managed service 
provider in Houston, incorporates 
metrics into its SLAs that are derived 
from network and application moni- 
toring and management tools from 
BMC Software Inc., also in Houston. 


Monitoring 
Tools 


BMC Software Inc. 


= GuardianAngel 


Keynote Systems Inc. 
= Custom Perspective 
# Enterprise Perspective 


Mercury Interactive Corp. 


® Active Watch 


Dave Colesante, chief technology offi- 


| cer at Vericenter, says his clients — 


primarily banking and oil firms in the 
region — agree to a set of performance 
and availability mea- 
surements based on 
BMC’s software. 

Because BMC inte- 
grates information from 
its Internet-based tools, 
such as SiteAngel and 
GuardianAngel, into Pa- 
trol, its enterprise man- 
agement product, Veri- 
center is capable of of- 
fering a three-tiered 
SLA, says Ron Pollvogt, 
the company’s vice 
president of product 
management. That way, 
users aren’t restricted to 
a single level of service. 

Naturally, he says, users pay more 
for higher-quality SLAs. But because 
Vericenter doesn’t “own” the user’s ap- 
plication, the highest level of guaran- 
tee in the SLA is on availability. 

Qwest Communications Internation- 


| al Inc. in Denver is rolling out an ag- 
| gressively tiered approach to its busi- 


ness users, according to Martin Ca- 
purro, director of IP product manage- 
ment. Qwest is using Keynote’s tech- 
nology to offer an SLA that guarantees 
application performance levels and 
availability. 

“This kind of SLA will give us a 


| competitive advantage,” says Capurro. 


Products like Topaz, Red Alert and 
GuardianAngel all give users the abili- 
ty to directly monitor their SLAs. Be- 
cause they’re Web-based, they let users 
peer into the metrics of a network ap- 
plication’s performance and availabili- 
ty through a browser, even when used 
as a subscription service. 

This is an important component to 
add to any SLA, says Neil Goldman, an 
analyst at The Yankee Group in 
Boston. “You want to know what your 
user is experiencing,” he says. D 


the Net 





SLAs: 
Money 
‘Trees? 


Brian Whitehead, vice president and 
chief technology architect at Stan- 
dard & Poor's, says it isn’t just service 
providers that can generate more rev- 
enue or offer competitive advantages 
through tiered SLAs. Companies that 
sell certain kinds of products can also 
profit from SLAs, he says 

“Because monitoring and manage- 
ment is so granular now, we can mea- 
sure each [Web] page and paragraph 
and data element precisely,” says 
Whitehead. 

For a financial services information 
company such as his, that creates the 
potential for increased sales. 

“We can sell our Web site in differ- 
ent pieces with different SLAs,” he 
says. For example, if a customer 
wanted the best SLA guarantees for 
instant credit-rating reports, the gran- 
ularity of the monitoring system would 
make it possible for Standard & 
Poor's to deliver that service in addi- 
tion to the overall financial data a cus- 
tomer may pay for, which may be de- 
livered in an aggregate form 

Neil Goldman, an analyst at The 
Yankee Group, is skeptical. “i wonder 
about the business uptake of using 
SLAs like that,” he says 

He acknowledges that in the case 
of Standard & Poor's, “the potential is 
interesting.” But such opportunities 
will be scarce and “based on the criti- 
cality of the app,” he says. 

Goldman says it’s wiser for compa- 
nies to use their SLAs to build com 
petitive advantage by establishing 
reputations for reliability and excellent 
response 

Joe Romello, ClO and vice presi- 
dent of engineering at Global Sports, 
agrees. He says companies should 
use network and application monitor- 
ing and management tools to guar- 
antee that SLAs are “about stability 
and reliability.” 

“Customers can't look to us as a 
risk,” he says. “They must see us as 
an asset.” 

- Mark Hall 








OUTSOURCING global dial-up services saves 
money and frees IT staff from having to install 
and maintain modem pools, says Gary.Robertson, 
CTO at Delphi Automotive Systems. 
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Corporations are letting outsourcers 
handle the chores of providing Net 
access to global travelers and domestic 
telecommuters. By Bob Brewin 


HOUSANDS OF ROAD WARRIORS across the 

globe are trying to plug into the corporate 

network to retrieve e-mail and data. And the 

pool of domestic telecommuters — which 

has been growing 15% to 20% each year — 
wants to have the same IT capabilities as workers at 
headquarters. It’s enough to give a network manager 
headaches. 

So some big-name companies are outsourcing 
their remote access problems to service providers 
like AT&T Corp. and GRIC Communications Corp. 
in Milpitas, Calif. 

Outsourcing global dial-up service not only saves 
money; it also makes life easier for enterprise IT 
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staffs, says Gary Robertson, chief technology officer 
at Delphi Automotive Systems Corp. in Troy, Mich. 
Outsourcing remote access is much simpler than 
installing and maintaining the modem pools required 
to support mobile workers and telecommuters in a 
firm whose operations span 43 countries, he says. 
Though the primary access method for Delphi 
remains plain-old dial-up connections, once users 
are logged in, they can tap into an advanced virtual 
private network (VPN) that provides a lot more 
functionality than just e-mail services. 

The Delphi remote access system also saves the 
company money by routing all VPN sessions through 
regional VPN concentrators around the world and 
onto a global high-speed network outsourced to AT&T. 

For example, a traveling Delphi engineer staying 
overnight at a hotel in Paris can click on an access 
icon on his laptop screen, select a local number and 
hit “Connect” and he’s logged on to the network. 
From there, his traffic is routed to the nearest VPN 
concentrator, onto the global network and then back 
to an SAP AG engineering application in Michigan, 
explains Chuck Maiorana, Delphi’s director of com- 
munications engineering. 

Delphi has gained additional leverage from its 
remote access system by incorporating new products 
from Brampton, Ontario-based Nortel Networks 
Corp. that allow it to shunt voice traffic from a digi- 
tal private branch exchange to a phone at a remote 
office or the home of a telecommuter. “This means 
you have the same number at work that you have at 
home,” Maiorana says, adding that the Nortel system 
can be used with either digital or IP-based phones. 

Delphi has already provided remote access VPN 
capabilities to between 5,000 and 6,000 of its mobile 
workers — salespeople, executives and engineers — 
and is gradually rolling it out to the rest of the com- 
pany’s 13,000 laptop users. 

Actually, mobile users don’t even need a laptop, 


| Robertson says, because they can also make a VPN 


connection through any computer with a Web 


| browser. All Delphi employees, from the manufac- 


turing line to the executive suite, can tap into a com- 
pany-sponsored Internet access program through 
New York-based AOL Time Warner Inc., according 
to Robertson. 


Dial-up vs. Broadband 

Though the Delphi remote access VPN system 
will work with broadband connections, the company 
doesn’t subsidize broadband. And broadband service 
is still so spotty, Robertson points out, that three 


| CIOs who live on his suburban street can’t get broad- 
| band connections from either cable or Digital Sub- 
| scriber Lines (DSL). 


There’s growing demand for broadband connec- 
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Emergen 
PanB > 


Users eye remote access as a 
disaster recovery option 


Besides supporting mobile and remote workers, 
remote access technology has picked up a new 
role since the terrorist attacks in September: It 
serves as insurance that a business can continue 
operating even if an office is knocked out by a 
natural or man-made disaster. 

John Girard, an analyst at Gartner Inc. in 
Stamford, Conn., says the World Trade Center 
tragedy has provided a new push for incorporating 
remote access into disaster planning. If an emer- 
gency strikes, “you want to ensure peopie can work 
anywhere to restart the business,” he says. 

Girard says sound disaster planning requires 
“the networking and telecom group to deal with 
a whole series of connectivity and business 
process issues and scenarios.” That includes the 
development of a companywide remote access 
system, in addition to having an inventory of exist- 
ing employee assets, such as who has dial-up 
Internet access and who has higher-speed cable 
modems or DSL connections. 

Enterprises large and smail are scrambling to 
develop remote access systems, according to 
Gary Williamson, product manager for VPN 
services at AT&T. “We've seen a significant uptake 
in interest in remote access services since Septem- 
ber,” he says. 

Companies with well-established remote access 
capabilities are definitely seeing the advantage of 
using them as part of a disaster recovery plan. 

Peter Brown, director of global operations 
at PricewaterhouseCoopers, says that while the 
company hasn't formally incorporated remote 
access capabilities into its disaster recovery plan, 
“it is another tool in our quiver to help with disas- 
ter recovery.” 

GM hasn't made remote access part of its formal 
disaster recovery plan yet either. But Tony Scott, 
CTO for the company's information systems and 
services organization, says remote access, espe- 
cially for key executives, took on greater impor- 
tance Sept. Ti, when GM executives were in Ger- 
many at an auto show. Remote access to the com- 
pany’s VPN ensured that they could keep in touch 
as easily as if they were back at headquarters in 
Detroit, Scott says. 

- Bob Brewin 





Get It Wholesale 


When even a global colossus like GM 
determines that it’s cheaper and easier to 
outsource enterprise remote access, it's 
probably a good idea to pay heed. 

The three companies noted here provide 
global access services that provide entry 
into a corporate network for the price of a 
local phone call. Each service claims to pro- 
vide such access in more than 15,000 loca- 
tions worldwide at a flat rate per user. 

How do they do it? They rnake wholesale 
deals with Internet service providers and 
carriers in the U.S. and abroad and then 
pass on the savings to corporate users - 
who, in turn, make their own wholesale 
deals for remote access, leveraging their 
large pools of end users. 

Each provider offers 2 software “dialer” 
that lists its access points by city and coun- 
try worldwide. All the end user needs to do 
is select the country and city, find the num- 
ber, hit “Connect” and log on. Enterprises 
can also sign on with more than one pro- 
vider and custom-build their own dialers, 
which come with VPN software 


GRIC COMMUNICATIONS INC. 

Milpitas, Calif., (408) 955-1920 

www.gric.com 
# Partnership with 300 Internet service providers and tele 
communications carriers in 150 countries for dial-up access 
= Plans to offer broadband wireless access using the Wi-Fi 
industry standard at more than 1,000 global locations over 
public-access wireless networks 


FIBERLINK COMMUNICATIONS CORP. 

Blue Bell, Pa., (215) 793-6300 

www.fiberlink.com 
# Global telecommunications partners include AT&T, Qwest 
Communications International Inc. and WorldCom Inc.'s 
UUnet Technologies Inc. subsidiary. 


IPASS INC. 

Redwood Shores, Calif., (650) 232-4100 

www.ipass.com 
= Partners include Internet service providers and telecommuni- 
cations carriers in 150 countries. 
# Offers wireless access in the U.S. through deals with Wayport 
Inc. and Concourse Communications Group LLC, which provide 
public-access Wi-Fi networks in airports. Austin, Texas-based 
Wayport also offers broadband hotel access. 


tions, analysts and users say, but most enterprises 
are still heavily dependent on dial-up remote access. 
Larry Quinlan, CIO at Atlanta-based Deloitte Con- 
sulting, says dial-up remote access is a “necessary 


evil” that will remain a communications mainstay for | 


mobile workers and telecommuters until broadband 
access becomes as ubiquitous as dial-up service. 


Justifying Costs 


But automotive manufacturer General Motors 
Corp. has already embraced broadband access for 
its 1,600-employee sales and marketing force, says 
Tony Scott, CTO for GM’s information systems and 
services organization. Those employees can use a 
broadband VPN service whether they’re at home, in 
a hotel room or at local dealerships. 

GM has totally outsourced its communications, 
including remote access. AT&T provides the back- 
bone, and Plano, Texas-based Electronic Data Sys- 
tems Corp. manages the infrastructure. 

The broadband connections provide GM’s mobile 
sales force with rapid and secure connections to 
applications that provide information such as service 
bulletins and product updates. And for end users who 


| spend hours online daily, the broadband service can 
| be cheaper than a dial-up service. But not many of 
| GM’s 40,000 remote workers spend that much time 
online, so the majority will still use dial-up, Scott says. 
Peter Brown, director of global operations at New 
| York-based PricewaterhouseCoopers, says a user 
needs to spend “eight to 10 hours a day, 20 days a 
month” to justify the cost difference between dial-up 
and broadband connections. 
On the other hand, some end users need broad- 


| band because they routinely download large files. 


“Power users tend to migrate to broadband,” 


| Brown says. But that’s not easy to accomplish, he 

| says, because “there is not a good national supplier 

| of broadband.” Like other major enterprises, Price- 

| waterhouseCoopers relies on remote access aggrega- 


tors that provide remote access to the company’s net- 


| work for the cost of a local phone call. 


The good news is that, although demand for 


| remote access is continuing to grow, costs are contin- 


uing to decline, says Scott. He says the company 
received bids in December for remote access ser- 


| vices that were “significantly lower” than what the 


company is paying now. D 


cess Hassies 
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N THE CITY OF STOCKHOLM, 
85,000 elementary school stu- 
dents log on to servers inside the 
city LAN to get their classroom 
resources. And just like the end 
users in most businesses and mu- 


nicipalities, the Stockholm students of- | 
ten forget their passwords. Plus, teach- 
ers are stuck with the burden of issu- 

ing new passwords every 100 days in 
accordance with city policy. 

But corporate America could learn 
something from the network profes- 
sionals in Stockholm. In October, the 
school district embarked on a new au- 
thentication method with something 
they don’t need to memorize and can’t 
lose: their fingerprints. 

The city’s 450-seat pilot project is 
just the beginning. By March, the $100 
fingerprint readers from Bellevue, 
Wash.-based Saflink Corp. should be in 
use on all of the school district’s 25,000 
computers, says Samir Hamouni, pro- 
ject manager in Stockholm’s executive 
IT department. And by next year, he 
anticipates that all city government 
workers — 120,000 computers in all — 
will authenticate using smart cards, to- 
kens or biometrics. 

Passwords aren’t the only game in 
town anymore. The smart card and to- 
ken market is already heating up. What 
was a $314.5 million market in 2000 
will reach $2.2 billion in 2005, accord- 
ing to a November study by IDC in 
Framingham, Mass. The biometrics 
market, dominated by fingerprint read- 
ers, is also starting to grow, from $119 
million in 2000 to a projected $887 
million in 2005. 

This isn’t a situation in which only 
one technology will prevail, because 
sophisticated companies may use mul- 
tiple techniques for network user au- 
thentication 

“T think there’s going to be a high de- 
gree of synergy between biometrics, 
smart cards and tokens as larger com- 
panies broaden their installation of 
multifactor authentication to a greater 
number of users,” says Chris Chris- 
tiansen, security research director at 
IDC. “I like the analogy of apartment 
doors in New York City. They don’t 
just have a lock. They have a slew of 
locks and chains and even steel bars.” 

Despite the many methods available, 
user authentication falls into one of 
three broad categories: what you know 
(passwords, personal identification 
numbers or other forms of challenge 
response), what you have (smart cards, 
tokens or computer hardware identi- 
fiers such as serial numbers or IP 
addresses) and what you are (biomet- 
rics). Each form has its drawbacks and 


‘Tokens, smart cards and bio- 
metrics are gaining ground for 
network user authentication. 
By Deborah Radcliff 
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benefits, says Richard Smith, author of 
Authentication: From Passwords to Pub- 
lic Keys (Addison-Wesley, 2001). 

For example, there’s no way yet to 
dole out tokens or smart cards to mil- 
lions of customers for big business-to- 
consumer applications, so passwords 
and PINs with Secure Sockets Layer 
encryption are still the way to go. But 
tokens and smart cards may make 


sense in large business-to-business ap- | 


plications where pre-existing relation- 
ships and signed contracts are in place, 
says Smith, who’s also chief technolo- 
gy officer at San Jose-based Secure 
Computing Corp. 

Christiansen says tokens and smart 
cards will make up the bulk of ad- 
vanced authentication for the next five 
years because they’re more portable — 
via Universal Serial Bus (USB) plug 
ins and network cards — and less ex- 
pensive at 25 cents to $60 per user. 
Biometric devices and software, which 
start at about $100 per user, require ex- 
ternal hardware readers or cameras 
that are difficult to carry around. 


Potential Drawbacks 

But there are drawbacks with tokens 
and smart cards, say analysts and users. 
Mainly, their contents aren’t automati- 
cally encrypted over the wire. And 
users can break, damage or lose them. 

Breakage was the reason Oppen- 
heimerFunds Inc. in New York recent- 
ly scrapped a 2,500-user token 
installation. “The calls for help with 
broken tokens or dead batteries took 
two full-time administrators. It was a 
management nightmare,” says Mike 
Hager, vice president of network secu- 





rity and disaster recovery. 

Before selecting a token to authenti- 
cate users for its PeopleSoft resources, | 
Predictive Systems Inc., a New York- 
based IT consulting firm, ran the to- 
kens through a gantlet — banging 
them, stepping on them, dropping 
them in coffee. The company settled 
on USB plug-in tokens from Aladdin 
Knowledge Systems Ltd. in Chicago. 
“You could actually dry off the coffee, 


Integration 
Challenges 


THE PROBLEM: Integrating back-end 
directory services with authentica- 
tions schemes isn’t always easy. 

Alan Neubauer, senior network sup- 
port analyst for the Florida Supreme 
Court system, ran into integration 


problems between the court’s directory in | 


the Novell Modular Authentication Sys- 
tem (NMAS) and fingerprint software from 
Identix Inc. in Los Gatos, Calif. 

Even after adding other Novell Inc. 
software, like a certificate server and an 
international cryptology infrastructure, he 
couldn't get the application to run 
smoothly, Neubauer says. 

At Novell's recommendation, he up- 
graded to a more feature-rich NMAS 2.0 
and woke to a gaping security hole. “You 
log on using the fingerprint reader. Log 
off. Then log back on again. All you have 
to do is wait three minutes [and] 40 sec- 
onds, and it will reauthenticate you with- 
out you ever having to put your finger on 
the reader,” he explains. 

Gabrial Waters, Novell's access and 
security products manager, says the se- 


| 
| 
| 


| 
| 


curity problem was related to Neubauier’s | 


screen-saver program. Neubauer says 


and they still worked,” says Predictive 
CTO Anish Bhimani. 

Unlike Predictive, Los Angeles- 
based law firm Allen Matkins Leck 
Gamble & Mallory LLP needed device- 
independent tokens because the firm’s 
250 attorneys didn’t want to lug around 
heavy documents and laptops. Instead, 
they wanted network access from any 
machine at any location, including 
computers at law libraries, courts 
and even competing law firms, says 
Tony Bothwell, systems administrator 
at the firm. 

He issued SafeWord Silver 2000 to- 
kens, a key-chain token from Secure 
Computing, in late 2000. Now, he says, 
attorneys can log on to the Web site 
and push a button on their tokens that 
pops up a number on the LED screen. 
This becomes their password into the 
corporate network. The encrypted 
number, which seems random, is actu- 
ally synchronized with Secure Com- 
puting’s PremierAccess security server. 

However, because complex memo- 
rized passwords aren’t convenient for 
everyone, biometrics are becoming the 


Novell had a patch for the problem before 
he upgraded, but Novell failed to tell him 
in advance. 


ONE SOLUTION: Try a different 
directory service. 

The glitch was enough to get Neubauer 
to test the Identix application on a com- 
peting directory service: Microsoft Corp.'s 
Active Directory (AD). “[identix] ran flaw- 
lessly,” he says. So now he’s replacing 12 
NMAS servers with Active Directory 
servers and hopes to go live in March. 


A DIFFERENT VIEW: Each integration 
project has its own challenges, de- 
pending on the software involved. 

Samir Hamouni, manager of the biomet- 
rics project for the city of Stockholm, says 
he had no such problems linking his Saflink 
Corp. fingerprint application to NMAS. He 
adds that AD would never be able to 
scale to the size of his enterprise. “Novell 
has everything we need in the NMAS 2.1 
software module. The installation went 
fast. What took time was scanning all the 
fingerprints into the system,” he says. 

- Deborah Radcliff 


substitute of choice for users. But 
Smith and analysts say biometrics will 
remain a secondary form of authenti- 
cation — primarily inside the network 
— because of privacy concerns, cost, 
bulky hardware and the possibility of 
false readings. 

Convenience is what drove the Flori- 
da Supreme Court system in Novem- 
ber to begin replacing passwords with 
Compaq Computer Corp. fingerprint 
readers and BioLogon software from 
Identix Inc. in Los Gatos, Calif. The 
project covers 650 desktops at a cost of 
about $120 per user. 

“In our trial courts, some of our 
judges have to make case rulings every 
hour. And in the Supreme Court, our 
justices spend a lot of time in re- 
search,” says Alan Neubauer, a senior 
network support analyst for the court 
system. “[Judges] can’t be bogged 
down trying to remember ‘Now what 
was that 20-character password I was 
supposed to remember this month?’ ” 

Concerns about privacy were 
Neubauer’s first hurdle during the 
programs pilot. 


| 





“Half the judges had this precon- 


| ceived notion that their fingerprints 
| are floating out on the Internet,” he 


says. But the Identix BioLogon soft- 
ware transmits and stores only a 
mathematical grid of points on the fin- 
gerprint, not the print itself. It’s also 
encrypted in transit and in storage. 

Interestingly, concerns about priva- 
cy never arose among teachers and 
parents of children involved in the 
Stockholm pilot, says Hamouni. In- 
stead, his problem was finding a fin- 
gerprint reader that could recognize 
child-size fingerprints. Saflink’s, he 
says, was the only one that could. 

Users advise to check the stability of 
biometric vendors carefully before 
buying products. Neubauer, for exam- 
ple, started with five vendors, but dur- 
ing trials, three of them dropped out of 
the market. 

There are many other authentication 
types moving into the market, such as 


keyboard behavior-recognition soft- 


ware from Authentor Systems Inc. in 
Englewood Colo., and IP-address and 
hardware identity systems from 


| Safewww Inc. in Uniondale, N-Y. 


But for Web-based access, pass- 
words still rule, according to John 
Pescatore, security research director at 


| Gartner inc. in Stamford, Conn. 


“Less than 0.5% of Internet transac- 
tions today are using anything stronger 


than a password. We feel passwords 
| will be king through the year 2003,” 


Pescatore says. 

But password administration pre- 
sents management problems — includ 
ing lost passwords, password resets 
and user account management — that 
aren't easily solved. Nor are users like- 
ly to memorize alphanumeric charac- 
ter strings that are reset monthly. And 
that means they will circumvent secu- 
rity, Smith says, defeating the purpose 

For these reasons, Hamouni thinks 
passwords are already dead. But he 
warns against buying any new authen- 
tication system because of its “cool” 
factor, particularly with so many ven- 
dors entering and leaving the market. 

“Before you change your authentica- 
tion infrastructure, you need to figure 
out what you will use it for and then 
tailor it to fit the user,” advises 
Hamouni. “Work with your vendors. 
And don’t rush it.” D 
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Safe and Secure 


Network security specialists are finding that their 
hot skills offer career comfort. By Sharon Watson 


WAYNE MOEHL, project direc- 

tor of enterprise systems at 

Northwestern Memorial Hos- 

pital in Chicago, needs two 

good network security profes- 
sionals for the 720-bed facility. 

In addition to securing the hospital 
network from the IP layer to the end 
user, Moehl! must comply with federal 
health care privacy regulations that 
are long on requirements for protect- 
ing patient data but short on system 
specifics. And in the post-Sept. ll envi- 
ronment, he’s trying to safeguard the 
hospital’s complex network with in- 
creased automation. 

It’s a job Moehl can’t do alone, even 
with the security knowledge he’s gained 
by creating network architectures. 

“What I do know is, there’s a lot of 
stuff I don’t know,” he says. In addition, 
Moehl says, new security techniques 
and risks seem to surface every week. 

That’s why Northwestern, with 167 
IT professionals on staff, is adding an 
executive security management posi- 
tion, as well as a hands-on network se- 
curity post. The hospital isn’t alone in 
seeking network security expertise: 
Many companies, especially those in- 
volved in e-commerce or regulated by 
the federal government, have been 
making network security an IT priority 
in the past year. And because there’s an 
insufficient supply of skilled profes- 
sionals to meet the growing demand, 
network security is emerging as IT’s 
next hot job market. 


A Fertile Field 


“One of the broadest gaps between 
supply and demand is in security,” says 
David Foote, a Computerworld colum- 
nist and president and chief research 
officer at Foote Partners LLC, an IT 
workforce research and consulting 
firm in New Canaan, Conn. “Demand 
is particularly rapid for people who 
can walk and talk security as well as 
business issues.” 

Descriptions and titles for network 
security positions are still in flux. In 
general, responsibilities of security 
administrators and analysts include 
creating network security policies and 





| DWAYNE MOEHL needs network security 


professionals to help Northwestern Memor- 


| ial Hospital comply with federal health care 


privacy regulations. 


procedures and implementing and 
overseeing tools to support them. Sal- 
aries for these jobs range from $75,000 
to $100,000, assuming a minimum of 
three to five years of experience. 
Engineer/architect positions are 
more technical and may encompass 
creating secure networks, plus build- 
ing firewalls, implementing intrusion- 
detection systems, handling incident 


| response and performing some man- 


agement responsibilities. Salaries for 
these positions range from $85,000 to 
$140,000, depending on industry, geo- 
graphic region and the demands of the 
job, says Tracy Lenzner, president of 
Lenzner Group, an IT security recruit- 
ing firm in Las Vegas. 

Because understanding TCP/IP is 
critical to many security functions, 
network professionals have an advan- 
tage in entering the security arena. But 
networking skills alone won't win jobs. 
“Security is another level of skills and 
knowledge you must put on a seasoned 
networking background,” says Moehl. 

For example, network security pro- 
fessionals must first understand how 





Dos and 
Don'ts 


DO look for security jobs in 
industries that must comply 
with privacy regulations, such 
as banking and health care. The 
more specific your business 
knowledge of these industries 
and the regulations they face, 
the more valuable you are, say 
recruiters. 


DO consider gaining security 
skills for wireless networks and 
devices. “Wireless is going to 
be a tremendous area,” says 
Tracy Lenzner, president of 
Lenzner Group. She and other 
recruiters say they expect that 
market to heat up this year. 


DO build your soft and busi- 
ness skills for more options 
along a security career path. 
Network security professionals 
say they must be able to show 
management how security 
measures fit into a company’s 
business plan 


DON'T expect security courses 
and certifications to substitute 
for hands-on, practical network 
security experience. Instead, 
lend your networking expertise 
to security projects within your 
company to gain experience. 


DON'T become a criminal 
hacker, or “black hat,” thinking 
you'll parlay that experience into 
a corporate job. “You'll perma- 
nently damage your career,” 
warns Jonathan Taylor, an en- 
terprise security engineer at 
Sutter Health. 


~ Sharon Watson 
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applications perform at the packet lev- 
el and then learn to recognize minor 
anomalies in packet size or order that 
signal an attack, says Jonathan Taylor, 
an enterprise security engineer at Sut- 
ter Health, a Sacramento, Calif.-based 
nonprofit health care network that 
serves more than 100 communities. 
Also, employers demand candidates 
with practical security experience, say 
recruiters. Network security profes- 
sionals and recruiters recommend get- 
ting this experience by working on se- 
curity projects employers already have 
under way. Taylor says he got involved 
with security through a network engi- 
neering project and “fell in love with it.” 


Sold on Certification 


Taylor and other professionals also 
add to their skills by attending security 
conferences, scouring security bulletin 
boards and books, and enrolling in se- 
curity education and certification pro- 
grams. The two certifications most in 
demand among employers are the Cer- 
tified Information Systems Security 
Professional (CISSP) from the Interna- 
tional Information Systems Security 
Certification Consortium Inc. in Fram- 
ingham, Mass., and Global Information 
Assurance Certification (GIAC), which 
is offered by the SANS Institute in 
Bethesda, Md. 

Such certifications often yield bonus 
pay, says Foote. His research through 
the third quarter of last year shows 
that the median bonus for CISSP- 
certified network security profession- 
als was 8% of base pay; the median 
bonus for GIAC-certified professionals 
was 5% to 12% of base pay. 

As security is growing in importance, 
it’s also getting more funding. “I’m hear- 
ing it’s easier to get security budget dol- 
lars these days,” says Todd Furney, man- 
ager of systems and network security at 
the Chicago Board Options Exchange. 

That doesn’t mean network security 
is being handed a blank check. “A big 
part of your job is selling security to 
management,” says Furney. He and 
others emphasize that good communi- 
cation skills and business knowledge 


| are necessary to succeed in either spe- 


cialized security niches or on security 
management career tracks. D 


Watson is a freelance writer in Chicago. 
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NICHOLAS PETRELEY 


Petreley's Law 
Of Sysadmins 


HREE AXIOMS will drive the future of enterprise net- 

working: Moore’s Law, Metcalfe’s Law and Petreley’s 

Law, which I will define for the first time here. 

Gordon Moore, co-founder of Intel, originally stat- 

ed in 1965 that the number of transistors per square 
inch in integrated circuits would double every year. It turned 
out to be more like every 18 months in practice, and Moore 
blessed a revision of his law to adapt to reality. 


Ethernet inventor Bob Met- 
calfe stated in his law that the 
usefulness of a network in- 
creases at a rate in proportion 
to the square of the number of 
users on that network. 

I would like to propose a 
new law to complement these 
others: The security of any 
corporate network is inversely 
proportional to the number of 
systems administrators 
on the network. 

Metcalfe’s Law 
trumped Moore’s Law in im- 
portance the moment that 
companies connected to the 
Internet. One could see evi- 
dence of this as users stopped 
screaming for more powerful 
PCs and instead started de- 
manding more bandwidth. 

That doesn’t mean Moore’s 


OPINION 


| Law is no longer relevant. If 
you restate Moore’s Law as 
“Processing power is cheap, 

| and it keeps getting cheaper,” 
Moore’s Law still has a very 
important part to play, even if 


about the speed of the main 
CPUs on their desktops. 
One way to address security 


users no longer care as much 
is to encrypt information be- 


fore you pass it to the 

network. We normally 

associate encryption 

with a performance hit because 

it’s CPU-intensive, but Moore’s 
Law allows us to do encryption 
in network interface card 
hardware at decreasing costs. 

| As processing power contin- 

| ues to get cheaper, network 
interface card vendors have 
added hardware-assisted IPSec 


| encryption as a checklist item. 
The problem is that many 
of you are probably taking ad- 
vantage of these features only 
if your company has imple- 
mented virtual private net- 
works (VPN). But there’s no 
reason why anyone should be 
sending plain-text information, 
let alone plain-text passwords, 
over the Internet anymore. En- 
cryption needs to graduate 
from VPNs and Secure Sockets 
Layer-enabled Web sites and 
become the standard for com- 
munications over the Internet. 
I would also like to see auto- 
matically negotiated data com- 
pression protocols become 
part of Internet communica- 
tions standards. That would 
make hardware-assisted data 
compression eventually be- 








come a checklist item for fu- 
ture network interface cards. 
In many cases, this could in- 
crease data throughput and 
therefore result in a perceived 
increase in bandwidth, regard- 
less of your physical connec- 
tion to the Internet. It may be 
a hard sell to get someone to 


| buy a computer because the 


CPU runs 100 MHz faster, but it 

would be easy to sell anything 

that increased perceived band- 

width (hint, hint, Intel and 

3Com, to name but two net- 

work interface card vendors). 
One company that seems to 

have a clue in this regard is 

SSH Communications Secu- 

rity in Palo Alto, 

Calif. It has several 

products and pro- 

posals that com- 

bine compression 

with the IPSec 

protocol in both 

hardware and soft- 

ware. SSH also has 


| other interesting 
| technologies, such 


as one that lets you 
use IPSec along 
with network ad- 
dress translation 
(NAT). NAT is a 
technique that lets 


you connect several clients on 


| your network to the Internet 

| simultaneously without hav- 

| ing to give each of them its 

| own public IP address. IPSec 
| doesn’t currently support 

| NAT, but SSH has managed to 





add the capability without vio- 


| lating the IPSec standard. 


Now to throw the monkey 


wrench into the works: Petre- 


ley’s Law. Stated again, the 


| security of any corporate net- 


work is inversely proportional 
to the number of systems ad- 


| ministrators on the network. 


The crucial question, there- 


fore, is how many systems ad- 
| ministrators does your compa- 
ny have? Care to take a guess? 

| Three? Ten? Fifty? 


Bzzzt. If you work at a large 
company that puts a Windows 
PC in the hands of every user, 


| then you have thousands of sys- 


tems administrators. Windows 
still gives user applications 


| write access to system files, 
| which means any user who 


accidentally downloads a virus 
or Trojan horse provides the 
malicious program with sys- 
tems administrator privileges. 
This isn’t the case with 
most other oper- 
ating systems, in- 
cluding Linux, 
BSD, Solaris and 
other Unix vari- 
ants. In Unix, a 
user is a user and 
any program he 
runs can have only 
the privileges that 
are assigned to 
him. Think about 
that when you 
make plans to lock 
down security for 
your enterprise 
network. D 


Se 


Favorite Keatures 


Frame-relay users say they use — or plan to use — 


IP-based VPNs 


Considering an IP-based VPN? Here’s an analysis of the top-tier vendors: 


Company 


Current rating 


Status 
Established 


Momentum Vision 


Positive 


the following features: 


69% 


Neutral/Positive 
Neutral/Positive 
Positi 

Positive 

Neutral 

Very positive 


Frame-relay-to-IP internetworking 
Voice over frame relay 


AT&T 
Broadwing 
iPass 
Qwest 
Sprint 
WorldCom 


SOURCE: CURRENT ANALYSIS INC 


Positive 
Neutral/Positive 
Positive 
Positive 

Neutral 

Very positive 


(WWW.CURRENTANALYS 


56% 
51% 
40% 
23% 


Neutral/Positive 
Positive 
Positive 

Neutral 

Very positive 


JANUARY 2002 


Established 
Emerging 
Established 
Established 
Emerging 


STERLING, VA 


Disaster recovery 
Managed frame-relay services 
Multilink frame relay 


Base: 60 U.S. frame-relay users; multiple responses allowed 


1S.COM) SOURCE: IDC, FRAMINGHAM, MASS.. NOVEMBER 2001 
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verse group. 


NSURANCE 


Get there with State Farm. 

At State Farm we're proud to celebrate diversity 
In our workforce as well as our job opportunities. 
The different outlooks our people offer, along 
with their various experienc help make 
our company successful. The why, from 
banking to underwriting, every individual's 


contributions are highly valued e Where you can 


é : be an individual. 
For more information, visit statefarm.com 


or email jobopps.corpsouth@statefarm.com 


SURI 

NETWORKWORLD, 
COMPUTERWORLD, 

AND INFOWORLD : 
He_p You Do A BETTER Jos. 


Now Let Us HELP 
You GET ONE. 


IT eco 


IDG Recruitment Solutions and IMDiversity.com 
are partnering to produce career related 
advertising supplements focusing on Diversity in 
Information Technology. Our next supplement is 
scheduled to run on March 4, 2002*. 
EL Core eM alle mm CMe CUBR ots 


“Date subject to change. 


For more information about advertising, please 
call Janis Crowley at 800-762-2977, ext. 7607 
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IT CAREERS 


DIVERSITY IN IT CAREERS 


Diversity in the information technology industry 
is nowhere close to where it needs to be. Harris N. 
Miller, president of the Information Technology 
Association of America spoke before the U.S. House 
Committee in March of 2000. The statistics he cited 
were alarming: 

© African Americans represented 5.4 percent of all 

computer programmers and 7.1 percent of com- 
puter systems analysts—two of the core jobs in 
the industry 

© Hispanic Americans held 4.6 and 2.5 percent of 

these jobs, respectively. 

© Native Americans represented only .2 percent 

of the total science and engineering labor force, 
yet they represent .7 percent of the total U.S. 
population. 

In 2001, not too much changed. Although there 
were a significant number of African Americans in IT, 
“not that many have arrived at positions of power 
and decision-making,” says Renee McClure, national 
president of Black Data Processing Associates. 

And, with the recent stumbling economy, there's 
been a 44 percent drop in demand for IT workers in 
the U.S., according to the Information Technology 
Association of America. 


The Information Technology 
Industry Defined 

In its narrowest sense, the information technology 
industry is defined as those organizations concerned 
with furthering computer science and technology, 
design, development, installation, and implementa- 
tion of information systems and applications. Yet 
professionals versed in any of those areas fit into 
every spectrum of the economy. And, because of 
this, even given the economic downturn, there 
are still some jobs where IT professionals are in 
great demand. 
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Diversity in the IT Field 


By Jennifer Hicks 


SIMprversity 


Computer Systems Analysts, 
Engineers, and Scientists 
The need for systems analysts, engi- 

neers, and computer scientists is acute. 
In fact, this group ranks among the top 20 in the 
number of new jobs created through 2008, according 
to the 2000-2001 edition of the Occupational Outlook 
Handbook (00H). While found in every sector of the 
economy, many computer analysts, engineers, and 
scientists are concentrated in the computer and data 
processing services industries—either as employees 
or independent contractors. 


Programmers 

There are two broad types of program- 
mers—those who deal with systems and 
those who deal with applications. Employ- 
ment of programmers is expected to grow 
between 21 percent and 35 percent through 
2008, according to the OOH. Although pro- 
grammers are found in every industry, the 
largest concentration is in the computer and 
data processing services industry. 


Opportunity for Advancement 

For seasoned IT professionals, promotions 
can be difficuit—unless your employer 
provides training opportunities. Technology 
changes rapidly and unless one has 
up-to-date skills and training, moving up the 
corporate ladder can be impossible. Those 
organizations that provide access to train- 
ing—and thus "grow their own" IT pros—are 
also more likely to make career advancement 
possible within their organizations. 


Perceptions of Those in the Field 

A 2001 survey by the Information Technology 
Association of America, IT Magazine, and U.S. Black 
Engineer found that the primary reason people entered 
the IT field was for training opportunities and profes- 
sional development, followed by salary and benefits. 


African Americans were the primary respondents 
(78 percent) to the survey, followed by white Ameri- 
cans (10 percent), Asian Americans (7 percent), 
Hispanic Americans (3 percent) and Native Americans 
(1 percent). Fifty-five percent of the respondents were 
men and 45 percent were women. 

Men cited early exposure to the industry as 
the reason for entering; women cited prior work 
experience. The report surmised that we should “be 
mindful of how young persons in target populations 
encounter technology" and that we could face serious 
consequence if we don’t introduce girls to technology 
at the same rate we do boys. Many respondents also 
said they believed many women and minorities were 
not aware of opportunities within the industry and 
suggested that more internships and mentoring could 
help raise awareness and interest. 


g to Fortune Magazine. 
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Gateway 
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Apple Computers. 
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director of online content for IMDiversity.com 
http://www.imdiversity.com, the Web site where 
opportunities, careers, and diversity connect. 
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| Houston, San Francisco and Los Angeles 
SECURITY SYSTEM INTEGRATOR 


| configuration, LDAP, RDBMS, Unix/Solaris and NT. 





IT CAREERS 


PricewaterhouseCoopers is a global leader in information security and privacy 
| | Solutions. We work with the country’s largest corporations to secure their 

| networks, and offer proven methodologies, best-of-breed tools and best 

| | practice services, with more professionals in this field than any competitor. 


Which means there’s no better place to develop your security skills. 
And with a firm commitment to growing this practice, our future is looking 
| secure, too. We currently have exceptional opportunities available in 
| Boston, New York, Washington DC, Atlanta, Chicago, Detroit, Dallas, 


You'll perform technical aspects for Identity Management and secure systems 
| implementations. This will include the analysis, design, integration and testing 
of multiple systems on various operating platforms. 


| You must be skilled in technical writing and the documentation of system 
integration, and have 1-3 years’ hands-on experience of Web security tools 
| (Oblix, Siteminder, BMC Control-SA, Access 360), Web server installation and 


| You'll need a Bachelor's degree and consulting skills that complement your 
| technical knowledge. The position involves extensive travel. Please forward 
| your resume to abas-resume@us.pwcglobal.com, placing the reference 


| number DJDZ\CMPP\0121C in the subject line 


PricewaterhouseCoopers is proud to be an Equal Opportunity Employer. 


PRICEWATERHOUSE(COPERS 


ewaterhouseCoopers LLP. Pricewaterhous: 
rs of the worldwide PricewaterhouseCoo} 


lers to the U.S. firm of PricewaterhouseCoopers LLP and 








BindView Corporation is 
ad n provid } network and security 
WUTIONS BindView suite of cross 

ftware and associated services help 

, automate and lower the costs of managing 


n technology infrastructures 


n Houston, 


« Visual C++ Software Engineers - 2+ yrs. in 
jov OOA/OOD 


cols. Security exp. a plus. BS 


NT environment , MF( 


einrelated area depending 


* Software Quality Assurance Engineers - 
p. QA testing. Exp. with installing/ 
trating NT and/or 


ripting lar ages a plus. Associate’s degree or 


vell operating systems 


higher depending on position level - or - equivalent 


related work experience 


= OLAP Specialist - 4+ yrs. as DBA; exp. with 
LAP, data modeling, Sequel S« 7.0+. BS or 


ter Science relate: 


put 


i depending 


n level 
career opportunity information, visit 
www.bindview.com 


Office: 5151 S$ Felipe, 22nd Floor 
nn, TX 77056. Phone: 713-561-4000 or 
1-800-749-8438 x4122 


H tc 
Houst 


We offer a flexible, creative and energetic 
environment with an excellent benefits 
package. Submit resumes to 


Recruiter3@bindview.com 
(reference job code BIND VIEW. \ 
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Heidelberg Digital L.L.C. is 

a world class organization 

developing, manufacturing, and 

supplying high volume digital 

printing systems using leading 

edge technology software. We 

are currently recruiting for the 

foliowing positions 

Electrical Engineer 

* Software Engineer-Tearn Leader 

* Software Developer 

* Vice President of Operations 

* Manufacturing Technology 
Engineer 

The aforementioned positions 

require a minimum of a B.S 

or M.S. and 0-5 years’ industry 

expenence 


For all positions, send resumes 
to: 

Human Resources, 
Heidelberg Digital L.L.C 
2600 Manitou Road 
Rochester, NY 14624 
Fax: (585) 512-8752 
We are an equal opportunity 

employer. 


eMerging Information Systmes, 
Inc. Entry Level Java Developer- 
Bachelor's Degree Computer 
Engineering, Computer Science 
or related fieid & 2 years experi- 
ence in software development/ 
Programmer or computer related 
occupation. Mid-Level Java 
Developer-Bachelor's Degree 
Computer Science, Engineering 
or related field & 3-6 years 
experience in software develop 
ment/programmer or computer 
related occupation. Software 
Quality Assurance Engineer 
Bachelor's Degree or equivalent 
in Computer Science, Computer 
Graphics or related field & 1 
year experience as Computer 
Programmer/Analyst or Developer 
or Software Engineer. eMiS 
offers excellent compensation 
with an outstanding benefits 
package. Send resume to 
jobs@emis-intl.com For more 
information: www.emis-intl.com 
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divine, inc. computer software 
applications developers and 
consultants, are seeking qualified 
applicants for the following posi- 
tions: Systems Engineer, Senior 
Application Integration Engineer, 
Software Engineer, Sr. Consultant 
Director of Development and In 
tegrations, Development Director, 
Loader/Development Team Lead, 
Gateway Developer and Director 
Openings are available at the 
following locations: Fairfield 
CT., Chicago, IL., Denver, CO. 
Norcross, GA, Columbus, OH 
and Santa Monica, CA. interested 
applicants should forward their 
resumes: divine, inc., Attn: DK 
1;3333 Warrenville Rd., Lisle, IL 
60532 or by fax addressed to DK 
1 at: 630-799-7508. EOE 
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world. 
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You can 
find a 
better 


JOB 


with one 
and tied 
behind 

your bac 


Just point your 
mouse to the 
world’s best 


IT careers site. 


Brought to 
you by 
Computerworld, 
InfoWorld and 
Network World. 


Find out more 
Call your 
ITcareers Sales 
Representative 
or Janis Crowley, 


1-800-762-2977 
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Few companies see the full scope of 
the contribution IT can make to their 
business. Fireman's Fund, a leading 
insurance company, will actively 
empower you to make that difference. 
Our Shared Services infrastructure 
positions you to make decisions with a 
tangible impact on the profitability of 
technological solutions. We'll give you 
the accountability you crave and 
inspire you to make the most of it — 
with lucid guiding principles, 
energized co-workers, and exceptional 
rewards. With your commitment, and 
that of our global parent, Allianz AG, 


there’s nothing we can’t accomplish. 


MAKE YOUR 
OLD JOB 


JEALOUS. 


Advance your coding, testing and debugging skills leading development of a platform-independent 
user interface for OS/2 applications. Create new N-Tier applications and critically analyze vendor 


proposals and solutions 


Play a key role creating IT solutions to enable achievement of business goals. Interview users and 
conduct feasibility studies to determine system specifications, then implement testing and ongoing 
evaluation of solutions. Responsibilities range from promoting efficiencies within client business areas 


to facilitating workflow within IT. 


Manage multiple IT projects such as business applications, architecture, data marts, operational data 
stores and infrastructure. Take responsibility for the complete project lifecycle from developing tactical 


and strategic approaches to cost/benefit analysis and risk assessment 


Analyze requirements, design and program applications for Enterprise e-Business projects, working 
closely with consultants, business analysts and other developers. Applications will primarily be deployed 


on WebSphere servers running on AIX platforms. 


These are examples of the types of positions you may find at various locations of Fireman's Fund. 

Be the first to hear about Fireman's Fund opportunities that are relevant to you, with our newly 
launched Career Navigator. Take two minutes to register and create your skills profile and we'll match it 
against every position that becomes available. When a good match comes up you'll instantly be notified 


by email, and can decide whether to take the next step. It's a great way to let your perfect job find you 


www.firemansfund.com/careers/ita20.html 
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Senior Software (Java/C++ ) 
Developer (2 positions); Atlanta. 
Georgia: Work w/decoder appiet 
Suite to add functionality including. 
but not limited to, looping, audio 
or video only support, support for 
a default image upon applet error 
& pause/start/stop support 
Enhance & test the video email 
& demonstration video chat 
products. Convert company's 
datagram to a format for stream- 
ing in RTP/RTSP protocols 
Enhance, test & maintain live 
encoding & broadcasting products. 
Add customer-requested features 
to the applet suite & encoding 
station. Continue developme 
or the prototype wireless 
streaming media application 
Assist ordination & mgmt. of 
product initiatives. Conduct unit 
& system testing. Work w/t 
encryption in tiative encrypt 
the EyeWonder encoded file 
Assist in developing DSP & 
FPGA chips for real-time encod- 
ing & decoding interfaces to 
PCs, servers, cameras, Internet 
appliances, & wireless devices. 
Add ac s & read protection 
features to applet suite. Enhance 
prototype wireless streaming 
media applicati 
al-grade f ct. Assist in 
oving motion-compensation 
algorithm in the video encoder 
rtto the encoding 
0 enabie service-based 
1g. Apply knowledge of 
UNIX, IBM's WebSphere or 
on server; UML. 
damental princi 
a contro! 
control, etc.) devel 
gna cessing 
nes, linear algebra 
rential equations 
gramming & 
ude C++/design 
w/proficiency in 
Builder, IBM's 
Visua 


slor's Degree or 
ectrical Engineer 


reading, writing, 
maintaining 
source code 
ng & strearr 
as RDP. 
rward 


resume 


Systems Analyst; $63K; 8a-5p 
40 hrs/wk; Analyze, design, dev 
impimnt, test & modify software 
sys & applics based on user 
reqmts using Visual C++, MS 
SQL Server & Oracle; Masters 
or equiv in Computer Sc or 
Engg; Electronics, Electrical or 
related branch of Engg; Physics. 
Chemistry, Math or Statistics. In 
lieu of Masters, can have Bach 
elors in spec majors and 5 yrs 
of prog work exp as computer 
professional. Report or send 2 
resumes: North Metro J.O # GA 
7046248, 2943 N. Druid Hilis Rd 
Atlanta, GA 30329 or nearest 
DOL Field Srv Office. Reference 
Job: RY 


F/T Software Engineer. Respon- 
sible for creating Functional 
Specification documents based 
on design requests & producing 
& implementing High Level 
Designs for assigned functional 
areas. Perform Unit Testing on 
developed codes & troubleshoot 
defects found. Design & imple- 
ment new modules in client server 
environment & maintain server 
modules written in C. Provide 
technical support to clients, eval- 
uate business requirements & 
develop software & documenta: 
tion according to established 
standards using Centura 1.1 
Centura w/ embedded SQL 
SQL, Sybase, Gupta SQL, MS 
SQL, Oracle & Visual Basic 
Must have Bachelor's degree 
in CS, Info. Systems Engin 

Computer Engin. or related field 
Foreign degree equivalent ac- 
cepted. Must have 3 yrs. of exp 
in job offered or position w/ same 
duties. Salary: $62,920. Send 
resume: Betsy Moya, Sema, 701 
Waterford Way, Suite 300, Miami 
FL 33126 


F/T Software Engineer. Respon- 
sible for creating F 

Specification documents based 

on design requests & producing 

& implementing High Level 

Designs for assigned functional 

areas. Perform Unit Testing on 

deveioped codes & troubleshoot 

defects found. Design & imple 

ment new modules in client 

server environments & in the 

BSCS system. Provide technical 

support to clients, evaluate busi: 

ness requirements & develop 

software & documentation ac- 

cording to established standards 

using Centura w/embedded 

SQL, G SQL, PL/SQL, C 

C++ Unix & Oracle 

Must have Bachelor's degree in 

Computer Science related 

Employer will accept 

dec ieu of 

degree 

D ust have 

p. in job offered or 

same duties. Salary 

Send resume to Betsy 

Sema, 701 Waterford 

2 300, Miami, Florida 


Full-time Software Test Enginee 


Responsible maintaining system 


performance, functionality & sys: 
tem integration and regressior 
velop software 
& be responsible 
for the generation & executic 
test cases & test plans. Work 


Centur iL, SQL Plus, SQA 


of study. Foreigr 


accepted 


same duties. Salary 
resume to Betsy Moy 
2up PLC., 701 Waterford 
Miami, Fiorida 


MatrixOne, Inc., a leader in prod- 
uct development manag 
software, seeks 
of Managing Director of Profes 
al Services in their Cheims: 
ford, MA office. Position requires 
a degree and managerial-level 
work experience, or in the alter 
native, extensive project man 
agement experience in a de- 
manding consulting organization 
employing a broad sweep of 
technologies including ERP. PDM, 
CAD, Viewers and Integrations. 
Must be willing to travel 95% of 
the time to customer sites. If 
interested, send resume to 
Alison Kiefer, HR Representative 
MatrixOne, inc., Two Executive 
Drive, Chelmsford, MA 01824 
via fax: 978-441-0071, or e-mail 
alison.kiefer @ matrixone.com 


IT CAREERS 


Systems Analyst - IS/IT Prof 
Conslitng Sves Co. in Piscataway, 
NJ. Bachelors degree in Comp. 
Sc., Engg. and 2 yrs. exp. reqd. 
Proficiency with C, C++, Visual 
C++, Rational Rose. Respond 
by resume to: (Ref. #GG7901). 
Subex Technologies, Inc., 255 
Old New Brunswick Road, S240. 
Piscataway, NJ 08854. (no 


phone calls). 


A Quality Assurance Test Engi 
neer sought by company in 
Denver, CO specializing in busi- 
ness software solutions to work 
in Denver & other unanticipated 
job sites in the US. Engage in 
testing and quality assurance 
development work on financial 
software applications which run 
in an AS/400, Windows or envi- 
ronments, or are web-enabled 
Specifically, test financial 
processes to determine if the 
applications meet general 
accounting, tax, and financial 
standards as well as localized 
standards. Identify problems and 
bugs and interact with program- 
mers in problem resolution 
Re-test the modified processes 
and applications, and certify that 
the problems have been resolved. 
Improve and document test 
plans and processes. Requires 
Bachelor's degree in business, 
finance or related field, including 
business finance or business 
administration; two years of 
experience in business software 
testing and development. 8am- 
5pm, M-F; $46,000/yr. (2 opgs.) 
Respond by resume to James 
Shimada, Colorado Department 
of Labor & Employment, Employ: 
ment & Training Division, Tower 
ll, #400, 1515 Arapahoe, Denver 
CO 80202, & refer to Job Order 
Number CO5010603 


IT Project Manager-Will work in 
various unanticipated loca 
throughout the US. Lead eve 
aspect & entire development for 
IT projects & deliver th t 
clients within prescribed quality 
time frame, & budget: consult 
clients to clarify program objec 
tive; determine methodology & 
design approaches; guide team 
members with technical issues 
integrate multi-site & multi-na 
tional systems; train, assign, & 
review work of programming per 
sonnel, prepare project progress 
report; recommend IT consultant 
hiring & inter-project employee 
movement. Principally use AD: 
ABAS, VSAM, NATURAL, PRE 
DICT, MVS, JCL, Cobol, Unix 
IBM mainframe, & Windows 
Regs: 4 yrs exp in a related oc 
cup as a Software Engg, Prog 
Analyst, DBA, Application Prog 
or grammer. Must have 4 yrs 
exp in development of comp sys 
tems & 2 yrs using at least half 
of the tools/platforms mentioned 
in the job description. $52/hr, 40 
hrs/wk, 8a-5p, M-F. Mail resume 
to: Colorado Department of La- 
bor & Employment, Employment 
Programs, ATTN: Jim Shimada 
Two Park Central, Suite 400. 
1515 Arapahoe Street, Denver. 
CO 80202-2117, & refer to order 
#CO5010756. Application is by 
resume only 


Senior Systems Developer 
PAREXEL International, an int'l 
CRO, is looking for a Senior 
Systems Developer in our Boulder, 
CO office. Responsible for de 
signing, testing, validating and 
maintaining distributed network 
Clinical applications. Must have a 
MS or foreign equiv. in CS, MIS 
or a related field plus 2 yrs exp in 
Clinical database and clinical 
software development. Send 
resumes to: hr@parexel.com or 
HR, 195 West Street, Waltham 
MA 02451. PAREXEL is an 
equal opportunity employer. 


F/T Software Developer. Respon- 
sible for researching, designing 
& developing computer software 
systems in conjunction w/hard- 
ware product development for 
Oracle applications, applying 
principles & techniques of com- 
puter science, engineering & 
mathematical analysis. Analyze 
software requirements to deter- 
mine feasibility of design & consult 
w/ engineering staff & evaluate 
interface between hardware & 
software & operational & perfor- 
mance requirements of overall 
systems. Responsible for software 
system testing, procedures 
programming & documentation 
working w/ Developer 2000 
Pro*C, PL/SQL, Unix, Oracle V8, 
Report Writer 3.0, VAX/VMS 
& Ingres. Must have Bachelor's 
degree in Computer Science or 
related field. Foreign degree 
equivalent accepted. Employer 
will accept Master's degree in 
lieu of Bachelors. Must have 8 
yrs. exp. in job offered or position 
w/ same duties. Salary: $85K 
Send resume to Frank Stinger, 
Suntory Water Group, Inc., 5660 
New Northside Dr., Ste. 500. 
Atlanta GA 30328 


F/T Software Engineer. Respon- 
sible for creating Functional 
Specification documents based 
on design requests & producing 
& implementing High Level 
Designs for assigned functional 
areas. Perform Unit Testing on 
developed codes & troubleshoot 
defects found. Design & imple- 
ment new modules in client 
server & Java environment & 
maintain server modules written 
in C. Provide technical support 
to clients, evaluate business 
requirements & develop software 
& documentation according 
© established standards using 
Centura w/ embedded SQL 
Cobol SQL, UNIX, Unix Sheil 
Scripts & ORACLE. Must have 
Bachelor's degree in Computer 
Science or related field. Foreign 
degree equivalent accepted 
Must have 3 yrs. exp. in job 
offered or position w/ same 
duties. Salary: $64K. Send 
resume: Betsy Moya, Sema, 701 
Waterford Way, Suite 300, Miami 
FL 33126 


6 openings available for a 
Programmer-Analyst to plan 
develop, test, Program, debug 
computer programs using various 
computer languages. Evaluates 
user requ or new or modified 
program and analy view 

and alters program to increase 
operating efficiency or adapt new 
requirement and write 
documentation to describe 
program development, logic, cod- 
ing, and Corrections. Bachelor 
Degree or its equivalence and two 
years rience in Computer 
programming. Salary $73,424.00 
Send resume to Aptech Profes: 
sional Solutions, Inc., 300 West 
Washington Street, Suite 1408 
Chicago, IL 60606 


Programmer Analyst (2 positions) 

Plans, develops, tests and 
documents computer programs, 
applying knowledge of program- 
ming techniques and computer 
systems. Design and implement 
computer based management 
system using C++, Rational 
Rose, Java and UML on both 
UNIX and Windows NT systems 
Requires Bachelor in Computer 
Science, Engineering or Mathe- 
matics. Must have 3 years exp 
in the job offered or 3 years exp 
as a Software Engineer, Systems 
Engineer or Systems Analyst 
Must have 1 yr exp using C++ 
Java, Rational Rose and UML on 
both Unix and Windows NT 
systems. 5 day, 40 hr/wk 
$75,000/yr. Please mail resumes 
to Colorado Department of 
Labor and Employment 
Employment Programs, ATTN 
Jim Shimada, Two Park Central, 
Suite 400, 1515 Arapahoe 
Street, Denver, CO 80202-2117 
and refer to order number 
C05010412 


Business Systems Analyst 
(Libertyville, IL) Configure busi- 
ness systems software; analyze 
business processes; design, 
develop and implement SAP’s 
SD, PP, MM & Logistics modules 
perform scripting exercises; 
designs and configure the ERP 
system; design and configure 
Financial Business System 
software; design reports, forms, 
interfaces, custom programs and 
conversions; lead projects; execute 
system unit and integration 
testing including testing, config- 
uration and error resolution; 
provide user training; identify 
business processes and system 
tasks to be documented. 


Bachelor's degree in Mechanical 
Engineering or Computer Science 
required. One year experience in 
the position or one year as an 
SAP Consultant and/or Senior 
Engineer-Manufacturing required 
Experience in related occupation 
must include the design, devel- 
opment, and implementation of 
SAP's SD, PP, MM and Logistics 
modules 


40 hrs./wk.; 8:00a.m. - 5:00p.m.; 
$70,000/year. 


Applicants must show proof of 
legal authority to work, including 
those with temporary work 
authorization 


Send 2 copies of both resume 
and cover letter to lilinois 
Department of Employment 
Security, 401 South State 
Street - 7 North, Chicago, Illinois 
60605. Attention: Leila Jackson 
Reference Number V-IL-27241- 
J. AN EMPLOYER PAID AD. NO 
CALLS. 


Programmer. Responsible for 
designing, coding and testing 
software, also responsible for 
programming by using C/C++ 
and JAVA language, developing 
new web-enabled customer ser- 
vice tracking system for interna 
tional trade and service, modifying, 
updating and upgrading compa- 
ny's database, preparing unit 
testing and system testing 
documents as well as system 
maintenance. Salary: 45,000/yr, 
40 hr/wk, 8:30 am-5:00 pm 
Applicants must have completed 
grade & high schools, 4 years of 
college education with bachelor 
degree in computer science or 
related field and at least one 
year working experience for the 
job offered plus one year experi 
ence for the related occupation 
of system analyst. Applicants 
must show proof of legal authority 
to work in the U.S. Send resume 
to: Illinois Department of Empioy- 
ment Security, 401 South State 
Street - 7 North, Chicago, IL 
60605, Attention: Shella Lindsey, 
Reference #V-IL 29632 - L, An 
Employer Paid Ad. No calls - 
send 2 copies of both resume & 
cover letter 


Java Programmer Analyst. Provide 
technical computer support and 
user assistance in developing. 
operating, and maintaining all 
web application programs for 
all divisions of Morley Companies, 
Inc.; maintain existing web appli- 
cations; and prepare program 
documentation. Must have Bach- 
elor's degree in Computer Science 
or related, and knowledge of 
AS400 platform, Wet Sphere 
Application Server, and HTTP 
server for IBM, EJB, Java, JSP. 
and Java script. Send resume 
with cover letter to Morley Com- 
panies, Inc., Attn: Richard Mott. 
One Morley Plaza, Saginaw 
Michigan 48603 


NEED 
TO HIRE. 


@ careers.com 


aN as 
WITH US. 


Computerworld + InfoWorld » Network World © January 21, 2002 


Engineering Systems Analyst 
wanted by Cimnet in Downers 
Grove. Supervise software quality 
assurance product testing; train 
customers on systems operation; 
perform sample analyses of 
customer production work flow 
processes; perform analysis of 
customer systems data; develop, 
write and maintain technical 
documentation. Must have BA in 
Engg. or its equiv. & 6 yrs exp. in 
sys. analysis in the elec. manuf. 
indus. Respond to: HR Dept 
2651 Warrenville Road, Downers 
Grove, IL 60515 


Network Engineer wanted by 
DePau! in Chicago. Plan and 
design state of the art academic 
network facilities; provide and 
interface with mainframe systems 
ensuring appropriate access 
and security systems in-place: 
coordinate the development of 
remote access environment 
prepare technical documentation 
on computer and office hardware/ 
software; develop/maintain sched- 
ules and ensure proper mainte- 
nance of staff computing re- 
sources. Must have MS. in 
Compt. Sci. or equiv. & 6 mon 
exp. & Microsoft certified sys. En- 
gineer. Respond to: HR Dept 
DePau! University, 1 E. Jackson 
Chicago, IL 60604 


Systems Analyst - IS/IT Prof 
Consitng Svcs Co. in Piscataway, 
NJ. Masters degree in Comp. 
Sc., MIS, Engg. and 1 yr. exp. 
reqd. Respond by resume to 
(Ref: #GG7503), Subex Tech- 
nologies, Inc., 255 Old New 
Brunswick Road, S240, Piscat 
away, NJ 08854. (no phone 
calls) 


Software Engineer (Piscataway, 
NJ) - Design, develop, test and 
administer software including 
Unix, ServiceGuard, HP-IT/O. 
NNM, Trusted Systems, Oracle 
Informix, C; and write, debug and 
implement code. 40hrs/wk, 9am: 
5pm. $60000/ yr. Min: Bachelors 
Degree in Com-puter Science 
Engineering. Send resume to: 
Prosario Systems, Inc 143 


Olive St, Piscataway, NJ 08854 


Better get 
in here. 





@ careers.com 


Technician needed to configure, 
build & stage computerized 
Surveillance network sys., video 
imaging process & intrusion 
detection sys for financial insti- 
tutions including VIP 8.0. Plan, 
install, troubleshoot & support 
LAN hardware, software & apps. 
in various operating sys. Plan 
& develop IT sys. to enhance 
effective use of hardware & 
network sys including Cisco 
networks & routers. Build ad- 
vanced servers & PCs based on 
company specifications. Use 
WinNT, Win2000 Pro & Window 
2000 Servers. BS in comp. sci. or 
equiv. Send cov letter/res to 
Pradeep Kanungo, Operational 
Manager, CT&T Distributions 
Inc., 3 Kellogg Ct., Unit 2, Edison 
NJ 08817 


Quality Assurance Team Leader- 
Req. B.S. Comp. Sci., Eng., or 
related field & exp in Manual 
Testing in the Internet Environ- 
ment; Sr. Technical Manager- 
Req: B.S. Eng. & exp in heavy 
supply chain management 
execution, signma consulting 
Mercator & sterling; Also seeking 
qualified individuals for Senior 
Software Engineer and Quality 
Assurance Team Leader openin- 
ings. Apply to: Eventra, Inc, Attn 
HR Dept, 440 Wheelers Farms 
Rd, Milford, CT 06460 


Sr. Software Engineer: lead 
integration proj. with strong 
knowledge in Java, Corba, Ada. 
BizTalk, assembly, memory mgmt 
M.S. in Comp. Sci. plus 2 yr exp 
Send resume to HR, Integrated 
Solutions, 110 Wall St, Fl 7, NY, 
NY 10005 


Systems Analyst - IS/IT Prof 
Consitng Svcs. Co. in Piscataway, 
NJ. Masters degree in Comp 
Sc., Engg. and 6 mo. exp. reqd. 
Proficiency with RDBMS, C 
C++, Visual Basic. Respond by 
resume to: (Ref. #GG7432) 
Subex Technologies, inc., 255 
Old New Brunswick Road, S240. 
Piscataway, NJ 08854. (no 


phone calls) 


General Manager, Director 
International Sales. Directs int'l 
sales/mktg. of computer compo- 
nents and executives/adminis 
trative personnel; obtains com- 
petitive position in industry 
throughout S. America/Europe. 
U.S.; allocates budgets; evalu- 
ates sales reports; communi- 
cates in Spanish/Portuguese. 
French with foreign distributors, 
buyers. Job in FL. Req. 4yrs. exp. 
Resume to Doron Miller at 
Computech International, 525 
Northern Bivd., Suiie #102 
Great Neck, NY 11021. No cails. 


F/T Software Engineer. Respon- 
sibie for creating Functional 
Specification documents based 
on design requests & producing 
& implementing High Level 
Designs for assigned functional 
areas. Perform Unit Testing on 
developed codes & troubleshoot 
defects found. Design & imple- 
ment new modules in client server 
environment & maintain server 
modules. Provide technical sup- 
port to clients, evaluate business 
requirements & develop software 
& documentation according to 
established standards using 
Powerbuilder 7.0/PFC client & 
Sybase ASE, Sybase SQL, & 
Oracle 8i. Must have Bachelor's 
degree in Computer Science or 
related field. Must have 6 mos 
exp. in job offered or position w/ 
same duties. Salary: $62,920 
Send resume to Betsy Moya 
Sema, 701 Waterford Way, Suite 
300, Miami, Florida 33126 


IT Project Manager needed to 
manage IT infrastructure, research 
software apps., supervise tech 
Staff and manage implementation 
of new apps. including database 
admin. and version upgrades in 
Windows 2000/NT and Unix 
Oracle, MS Office and Quick- 
books, MS Exchange, TCP/IP, 
networking, LAN, T1, DSL, liS 
Firewall, Clustering, among others. 
Must have BS in Comp: Sci. or 
Eng. or related discipline +5 yrs 
relevant exp. Reply to: S. Nemani. 
4365 Rte. 1 South, Suite 110 
Princeton, NJ 08540. 


SYST ANALYST for IT consulting 
co to design & dev application 
software for marine shipping & 
transportation industry: 35 hrs, 
wk. Must have Master's deg in 
comp sci, MIS, elec engrg or 
math & 2 yrs in job or 2 yrs 
software engineer exp tact 
Trade Ship, Inc., HR Dept., 201 
Old Country Rd, Ste 202 


Melville, NY 11747. 


Senior Software Engineering 
positions available for qualified 
candidates possessing BS or 
equivalent and 4 yrs. relevant 
work experience. Work with 2 
of the following: ERP, BPCS 
CL/400, SQL400, AS/SET and 
RPG. Please mail resume to: 
VeryFine Products, Inc., Attn 
HR, 20 Harvard Rd., Littleton. 


MA 01460. EEO/AAP 


Sr. Technical Consultant - IS/IT 
Prof. Consitng Svcs Co. in 
Piscataway, NJ. Masters degree 
in Comp. Sc., Engg. and 1 yr 
exp. reqd. Proficiency with 
RDBMS, C, C++, Centura 
Respond by resume to: (Ref 
#GG7456), Subex Technoiogies, 
Inc., 255 Old New Brunswick 
Road, S240, Piscataway, NJ 


08854. (no phone calls) 


IT CAREERS 


COMPUTER PROFESSIONALS 
Opportunities for 


WEB ARCHITECTS, 
DEVELOPERS 

* SYSTEMS ANALYSTS 

WEB GRAPHIC DESIGNERS 

* NETWORK ENGINEERS 

* PROGRAMMERVANALYSTS 

¢ SOFTWARE ENGINEERS 


SKILLS 


¢ COLD FUSION « SPECTRA 
* ORACLE * VISUAL BASIC 
* VISUAL C++ * SIEBEL * ASP 
* COM, DCOM « JSP * HTML 
* JAVA, JAVA BEAN * EJB JAVA 
SERVLETS * WEBSPHERE 
* IBM MQ SERIES « XML, UML 
*MTS ¢ CLARIFY * PERL 
*OBJECTPERL * SPYPERL 
¢ SMALLTALK ¢ PL/SQL 

* VISUAL AGE * COBOL, SPL 
UNIX 


Visit our website @ 
www.computerhorizons.com 


Attractive salaries and benefits. 
Please forward your resume to: 
H.R. Mgr., Computer Horizons 
Corp. 49 Old Bloomfield Avenue 
Mountain Lakes, New Jersey 
07046-1495. Call 973-299-4000 
E-mail: jobs @ computerhorizons. 
com. An Equal Opportunity Em- 
ployer M/F. 


F/T Database Consuitant. Re 
sponsibie identifying business 
requirements related to the 
implementation of mpany's 
software solutions, compare 
business requirements to com- 
pany's software capabilities. 
determine enhancements, create 
functional design specifications 
& providing change management 
guidance to clients. Develop 
testing strategies, plans. Analyze 
computer codes to « 
database population & 
Establish hardware & s 
software environments & c 
technical design specific: 

for software enhancements. De- 
termine conversion strategies & 
plans & provide technical support 
Work w/ VMS, V' 

Access, COBOL, FoxPro 

Must have Bachelor's degree 
CS, Systems Engin. or related 
field. Foreign degree equivalent 
accepted. Must have 2 yrs. exp. 
in job offered or position w/ same 
duties. Salary: $57,185. Send 
resume: Betsy Moya, Sema, 701 
Waterford Way, Suite 300. Miarr 
FL 33126 


F/T Software Engineer. 

sible for creating F 
Specification docu: 

on design requests & 

& implementing High 
Designs for assigned f 

areas. Perform 

developed code 

defects 

support t 

business requirements & develop 
software & documentation ac 
cording to established standards 
using Centura w/ embedded 
SQL, PL/SQL, Java, Javas 
Java Swing, Java RMI, CORBA 
SUN RPC, Solaris 2.x, & 
SunOS. Must have Bachelor's 
degree in Computer Science 
or related field. Employer will 
accept a Master's degree in lieu 
of Bachelor's. Must hav 

exp. in job offerest or p 

same duties. Salary: $64,000 
Send resume to Betsy Moya 
Sema, 701 Waterford Way, Suite 
300, Miami, Florida 33126 


Sr., Technical Support 
wanted by Independer 

Cross in Philadelohia to 

sftwre req's for major business 
info systems using Javasc' 
OOT. BA/BS (or equiv) req 

yrs relevant exp 

G. Crawley 215-2 


Systems Supervisor 


Baptist Health Systems is currently seeking a Systems Supervisor to supervise the network 
server design, implementation and support processes. This position requires a BS/BA degree 
and 7 or more years of relevant IT experience. An in-depth working knowledge. of 
Client/Server, Internet/Intranet technology and an advanced working knowledge of multiple of 
the following Oses: Netware,Unix, 95/NT, Win2000 is required. The candidate we seek must 
have strong networking concepts and LAN/Wan design skills. Health care environment 
knowledge and programming/scripting skills are desirable. MCSE, MCNE, Sun competency 
or CCNA certification is preferred. 3 or more years experience in a project management/pian- 


ning capacity is required 


Please apply via fax to: 305-662-2759, 


Attn: Hilda Fuentes, Professional Recruiter, 
Human Resources Department. We are 

an equal opportunity employer and a BAPTIST WOSP 
drug-free workplace. www.baptisthealth.net 


Engineer li. Analyze & produce 
basic product designs/engineer- 
ing data as defined by product 
specs for avionics products such 
as software and contro! instru- 
ments and displays for cockpit- 
man-machine interface; create 
software program design using 
Ada programming, object-oriented 
design methods, & Rational 
Rose software tools in a UNIX 
based Rational Apex environ- 
ment along with the Virtual Pro- 
totypes Vaps tool on a Windows 
NT system; develop high and low 
level software interfaces with 
hardware for the ARINC 429 
ARINC 708, and MIL-STD- 
1553B protocols; interface with 
hardware including the Permedia 
3 graphics board, PowerPC 6.03 
processor, Mini ACE MIL-STD- 
1553B chip and compact PCI 
bus; determine feasibility of design 
w/i constraints; test for confor 
mance with specs; provide in- 
depth engineering support. Pre- 
requisites: Bach. degree in 
engineering or related field, plus 
at least 2 yrs of exp. in job offered 
OR 2 yrs of exp. in design/devel- 
opment of software. Competitive 
salary. Job Location: Duluth 
Georgia. Send resume to: Ms 
Margie Raimer, ATTN: DOL-AD- 
1; BarcoView LLC; 3059 Premiere 
Parkway; Duluth, GA 30097 
4905 


Application Developers, VA 
Beach, VA: Software (Reynolds 
DMS & automotive products) 
apps design & object oriented 
development using Java, C# 
Oracle, Visual Inerdev, VB 
VC++, & ASP/IIS 5.0. Req. BS in 
computer science, engineering 
or a related field and 2 years 
experience as a programmer. 
developer, or analyst. Resumes 
to: K. Cramer, Reynolds & 
Reynolds, Box 2608, Dayton 
OH 45401 


Full-time Architect. Responsible 
for providing technical support 
for database administration & for 
updating Oracle databases & ini- 
tiation of new code path policies 
working w/ C, C++, Unix HP, 
Suns, Oracie, OLE, Java, 
PUSQL, UML, Visual Basic 
& ASP. Assist in developing 
databases for translation pur- 
poses & creating new appiica- 
tions to initiate mew product 
releases to customers & database 
tables. Develop testing strategies, 
plans, conditions & analyze 
codes to determine database 
population & defects in customer's 
telecommunications billing soft- 
ware. Install & assist w/ upgrades 
for in-house translation tools 
provide support for translation 
issues & create functional design 
specifications for software 
enhancement. Must have Bach- 
elor's degree in Computer Science 
or related field. Foreign degree 
equivalent accepted. Must have 
2 yrs. exp. in job offered or position 
w/ same duties. Salary: $70K 
Send resume: Betsy Moya. 
Sema, 701 Waterford Way, Ste. 
300, Miami, FL 33126 


MARINERS HOSP! 


Baptist Health Systems 
of South Florida 
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Engineer 


Pitney Bowes, inc. has an opening 
in its Shelton, Connecticut office 
for an Engineer 


Support senior personnel inves 
tigating internet security threats 
and countermeasures and de 
termine how new product con. 
cepts should be designed in order 
to achieve required security levels. 
Support the creation and evalu- 
ation of new internet and network 
product concepts. Participate in 
technology investigations, in 
cluding secure coprocessors. 
biometrics, formal methods, de- 
sign methodology for secure sys- 
tems, power signature analysis, 
virtual private networks and clas- 
sical cryptographic algorithms 


Must possess at least a bachelor’s 
or its Equivalent in Compt 
Science, Electrical Enginee 

or a related field. Classro 
Training or experience with algo- 
rithm, analysis, scientific com 
puting and advanced rumerical 
analysis programming using 
Matlab and Maple, math back 
ground in field and number the- 
ory, assembly language pro 
gramming and knowledge of 
UNIX and LINUX administration 
is required 


Resume and/or cover letter must 
reflect each requirement above 
and specify reference code E1 or 
it will be rejected 


Forward resume to Robbin Drew 
Elliott, Pitney Bowes O 
Elmcroft Road, St 
06926-0700. 


Systems Analyst 


Pitney Bowes has an openi 
its Stamford, Connecticut off 
for a Systems Analyst 


Responsible for the successful 
design, development, implemen 
tation, support and troubleshoot 
ing of the Company's major busi- 
ness computer applications, in 
cluding billing and invoice gen 
eration. Work with end-users to 
determine both the business 
requirements of these systems 
and how to interface these new 
systems with the Company's 
existing hardware and software 
Oversee and coordinate related 
development, testing and imple- 
mentation activities. Codes in 
COBOL, Easytrieve, JCL, Trans 
form, SQL, IMS and DB2 


Must possess at least a bachelor's 
or its equivalent in Computer 
Science, Engineering, Math or a 
related field and relevant experi- 
ence as a Programmer Analyst 
as well as experience with the 
full software development life 
cycle a heavy design 
and COBOL, Easytrieve, JCL 
SQL, IMS, DB2 and Transform or 
a related system (i.c. MS DC). 


Resume and/or cover letter must 
reflect each requirement above 
and specify reference code SA 
or it will be rejected 


Forward resume to Robbin Drew 
Elliott, Pitney Bowes Inc., One 
Elmcroft Road, Stamford, CT 
06926-0700. 


Computerworld + InfoWorld » Network World + January 21, 2002 


Quality Analyst, Bohemia, NY: 
Exercise authority in QA matters 
that affect product or service 
quality. Verify, validate & analyze 
production work. Audit the out 
side connectivity of production 
sites. Verify, validate & analyze 
product n nality 
structions, including new bui 
testing. Compose and/or update 
test scripts, test plans, work 
instructions, forms, & other 
documentation. Administer QA 
test websites. Upgrade & main 
tain third party software used by 
QA, including browsers, antiviral 
software, operating systems. 
file-sharing software & serve 
management programs. Docu 
ment all defects, problems 
opportunities for improvement 
Work with Account Management 
group to provide technica! sup 
port. Bachelor's degree 
equivalent in Information Systems 
or Computer nce & 2 yrs 
exp. in IBM Pi 
commercial automated software 
tools such as Winrunner & ir 
and/or software testing 
e ntegration 


ssion tests. Alterna 
vely, the loyer will accept 
qualified applicant with 4 
exp 
in related sy 
position. 4 yrs exp. n include 
exp. BM PC's 
commercial automate: 


tools such as Win 


web and/or software 
as unit test: t 
& regression 

resume to Karen Pare 

Insite, 80 Orville Dr. Bohemia 


NY 11716 


Senior Oracle Database Admin 
Strator (Atlanta, Georgia) -Tech 
nical lead r 
aspects of Oracle database ad 
ministration on Windows NT and 
UNIX, including stored procedure 
development, PL SQL coding 
sting, t g and physical im 
lementation of production and 
development databases. Des 
systems, interfaces and data 
conversion programs consistent 
with company enterprise data 
architecture. Support production 
databases and interfaces fo! 
SAP administration, including 
financials and supply chain mod- 
ules, custom enterprise software 
and web-based software. Will 
supervise other DBA’'s. Must 
have a Bachelor 
equivalent in Computer 
or related field. Experienc 
have been obtained concurrently 
and must include: (i) 5 years of 
experience in the job offered OR 
5 years of experience as Oracie 
Database Administrator on Win: 
dows NT and UNIX; (ii) 5 years 
of experience each in PL SQL 
and production OBA support (iii) 
3 years of experience in SAP 
Basis Administration; and (iv) 1 
year of experience each in Oracle 
8i and data conversion. Must 
also be certified in Oracle Data 
base Administration, UNIX 
Administration, and SAP Basis 
Administration. Must have legal 
authority to work in U.S. Send 
resume to: Alison Reed (REF 
SODA), 4751 Best Road, Suite 
480, Atlanta, Georgia 30337 


lor 
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Deloitte 
Consulting 


Consulting 


Deloitte Consulting L.P. invites 
you to explore a dynamic career 
as a Consultant, Sr. Consultant, 
Manager or Senior Manager. 
Opportunities exist for qualified 
applicants with 1-6 years’ of re- 
lated experience, including ex- 
perience with one or more of the 
following 


Case Tools/Modeling 
Client/Server Object-Oriented 
Development 
Communications & Networking 
Data Warehousing/Online 
Analytic Processing 
Customer Information/Billing 
Systems 

Customer Relationship 
Management 

e-Business 

Enterprise Resource Planning 
Enterprise Systems Manage- 
ment 

GroupWare 

IBM Mainframe Tools 
Middleware/Messaging 
Object/Distributed Technologies 
Operating Systems 
Management or Technical 
Reengineering 

Relational Database Manage- 
ment Systems 

Risk Management Systems 
Strategic Enterprise Manage- 
ment 

Supply Chain Management 
Web Development 


Ali positions require some degree 
of travel as well as a Bachelor's 
Degree in a related field. Some 
positions require a Master's 
Degree. 


Positions are available in Chicago 
and Downers Grove, IL; Cincinnati 
and Cieveiand, OH; Austin, Dallas 
and Houston, TX; Boston, MA 
Hartford and Stamford, CT; New 
York, NY; Chadds Ford, Philadel- 
phia and Pittsburgh, PA; Detroit 
MI; Minneapolis, MN; Washington. 
DC; Atlanta, GA; Kansas City, 
MO; East Brunswick, Jersey City 
and Parsippany, NJ; Charlotte 
NC; Seattie, WA; Foster City, Los 
Angeles, Orange County, Sacra- 
mento and San Francisco, CA 


Fax detailed resume to Job 
Code # ECNOIVRCMPW at 
Deloitte Consulting LP. Fax # 
1-888-APPLYDT or email resume 
with Job Code to dtcareers 
@deloitte.com. NO CALLS 
PLEASE 


©2000 Deloitte Consulting 
All Rights Reserved. Deloitte 
Consulting L.P is an equal 
opportunity firm. 


Senior Oracle Financial Technical 
Analyst: Serves as a financial 
technical analyst with specialty 
in Oracle Financials and Pro C 
based on UNIX and NT platforms 
for large multi-national insurance 
company; develop program spec- 
ifications; provide program/system 
documentation; and assist in 
gathering information from the 
customers to be used in speci 
designs; assist in the selection 
of developing programs used 
for new or enhancing systems. 
Participate in the analysis of 
customer system problems and 
conduct unit and integration test- 
ing. Design complex data struc- 
tures in Oracle Financials or Pro 
C language; conduct program/sys: 
tem implementation and support 
the day-to-day operationa! envi- 
ronment. Sal:$80,000/yr.(overtime 
exempt); 37.5 hrs/wk., 8:30 am 
5:00 pm Mon-Fri. Requirements: 
B.S. degree in Computer Science 
or Engineering and 3 years exp. 
in job offered or as a Program- 
mer/Analyst. 3 years exp. must 
include 2 years technical experi- 
ence in “Oracle Financials", Pro-C. 
UNIX, Shell. Location: Chicago, 
IL Loop. Applicants must show 
proof of legal authority to work in 
the U.S. To apply send 2 copies 
of both resume and cover letter 
to: Illinois Dept. of Employment 
Security, 401 S. State St. 7 
North, Chicago, IL 60605, Attn 
Joanne Breaux, Reference #V-IL 
30882-N An employer paid ad. 


SOFTWARE APPLICATIONS 
DEVELOPER - Waukesha, Wis- 
consin Designs, prototypes, tests, 
codes and integrates multi-tiered 
software systems for 
global manufacturer of medical 
diagnostic imaging equipment 
Works with cross-functional 
engineering teams to develop and 
implement software systems for 
one or more modalities such as 
magnetic resonance (MR), com- 
puted tomography (CT), positron 
emission tomography (PET), ul- 
trasound, x-ray and/or other types 
of medical diagnostic equipment. 
Creates designs, documentation 
and test plans during the entire 
software development lifecycle 
Participates 
in post-production quality 
improvement while providing 
technical support to other 
engineers. Assists in modifying. 
enhancing, and maintaining 
existing software systems. Stays 


| abreast of emerging technologies 


and recommends software sys- 
tem alternatives. Utilizes and in- 
corporates Six Sigma methodolo- 
gy into the software development 
process whenever possible. 
Required is a Bachelor of 
Science degree in Computer Sci- 
ence, Information Technology or 
Engineering and two (2) years of 
experience in the position 
being offered or two (2) years 
of experience as a Software 
Engineer or Software Deveioper. 
As part of the required experience 
in the position being 
offered or in the related occupa- 
tion, the applicant must have had 
experience in designing and 
developing software utilizing 
programming languages includ- 
ing C/C++ and Java, and web/ 
application servers _ including 
Netscape Enterprise Server and 
|Planet; had experience working 
with NT and UNIX platforms; had 
experience with object oriented 
design methodology and with 
software aided case tools using 
Rational Rose/Visio; and had 
experience in the RDBMS 
design and development for 
Oracie/SQL Server. Must have 
proof of legal authority to 
work permanently in the 
United States. Please submit 
resume and cover letter to 
opportunities @ gecareers.com 
andreference this job code 
in subject line of email 
GEMS/266294/AN030. An Equal 
Opportunity Employer. 


Software Engineer. Provide 
Microsoft Development technol- 
ogy services: system analysis 
and design, software product 
development, web development 
turnkey software development 
user training, and technical 
consulting in the areas of 
programming, analyzing, impie- 
mentation, database administra- 
tion and systems/network 
administration. Bachelor's 
Degree in CS or CIS plus two 
year experience in job offered 
or aS a programmer. Must 
be proficient in VBScript 
JavaScript, Visual Basic, DTS, 
and XML. $60,000/year, 40hr) 
wk Must have proof of 
legal authority to work in the 
United States. Send your 
resume to the lowa Workforce 
Center, 215 Watson Powell, Jr. 
Way, #100, Des Moines, IA 
50309-1727. Please refer to Job 
Order 1A1101515. Employer paid 
advertisement 


SOFTWARE ENGINEER to 
design, develop, test, implement 
and support n-tier application 
software in a clienUserver envi- 
ronment using Cracle PL/SQL, 
Visual Basic, SOL Server, Crystal 
Reports, Visual Source Safe 
ASP, HTML. VB Script, Java 
Script, FTP and MS Access 
under Windows 95/98/NT, UNIX 
and Novell Netware operating 
systems. Require: Bachelor's 
degree in Computer Science, an 
Engineering discipline, or a 
closely related field with four 
years of experience in the job 
offered. Extensive travel on as- 
signments to various client sites 
within the U.S. is required 
Competitive salary offered. Apply 
by resume to: Juliette Moore, 
VP HR, Software Technical 
Services, Inc., 105 Nobel Court, 
Windward Business Center 
North, Alpharetta, GA 30005 
Attn: Job GS. 


IT CAREERS 


PlanetPro, Inc: A full life cycle 
software consulting co. offers 
excellent benefits & flexible hrs 
for the following positions: 


*Software Engineer: design, 
develop, & maintain large com- 
ponents of programs in VC++ 
COM, ASP, Java, VB, and SAP. 
BS +5 or MS+ 2 years of exp. 
On CS, eng. rel., info sys., or 
app. sci. rel. fie+id. 

¢DB/Netwrk Admin: Exp. in 
Oracle, SQL, and/or Sun Solaris 
systems analysis, design, & 
adm. Certification pref. Deg. in 
CS, IS, eng. or equv. Jr. level 
BS + 2 yrs. exp., Sr. level: MS + 
2 yrs. exp. 

*Programmer/analyst: 2 yrs 
programming exp.+ BS in CS, 
eng or info sys. Need to operate 
independently, assess tradeoffs 
in design, evaluate & recom- 
mend 3rd party software/tech- 
nologies, & effectively commu- 
nicate ideas. 


Multiple locations throughout the 
US, will change to unanticipated 
locations as req. Send res to: 
Recruiting Manager, PlanetPro 
Inc., 2893 Sunrise Bivd., St 107. 
Rancho Cordova, CA 95742. 
Legal right to work in the US 
must be stated. 


Systems Analyst. Atlanta, GA 
Develop unique solutions using 
ERDAS IMAGINE products. Use 
Remote Sensing/GIS techniques 
to develop software sol'ns. Provide 
tech assistance & troubleshoot 
Maintain & expand company's 
developer information website. 
Perform Aerial Photo Interpretation 
& Satellite Imaging manipulation. 
Provide consulting, using GIS/ 
Remote Sensing skills on use, 
applications & integration of ER- 
DAS products on site. Perform 
product testing & bug fix verifi 
cation. Req.: B.S. in Geog., CS 
or Earth Sci. and working knowl- 
edge, through academic course- 
work or experience, in Remote 
Sensing Image Processing 
of GIS applications and C 
programming. Contact Jody 
Silverman, ERDAS, Ste 300. 
2801 Buford Highway NE 
Atlanta, GA 30329. 


SENIOR SOFTWARE ENGI- 
NEER to lead a team in the design, 
development, testing and imple 
mentation of application soft- 
ware using C, C++, Visual Basic 
Oracle, Java, JSP, EJB, Web- 
Sphere, WebLogic, XML, EDI 
COGEN, informatica PowerMart 
and PeopleSoft under UNIX 
operating system; Supervise 
and mentor junior programmers 
and engineers. Require: Bachelor's 
degree in Computer Science, an 
Engineering discipline, or a 
closely related field with five 
years of progressively responsible 
experience in the job offered 
or as a Programmer/Analyst 
Extensive travel on assignment 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Send resume to 
Priti Darji, H.R. Manager, Charter 
Global Services, Inc., 5445 Triangle 
Parkway, Suite 190, Norcross. 
GA 30092; Attn: Job HK 


SOFTWARE ENGINEER to 
design, develop, test, implement. 
maintain and support |BM main 
frame business critical credit 
card application software using 
CICS, COBOL, VS-COBOL II 
Easytrieve, DB2, JCL, TSO, 
ISPF, Xpediter, Oracle, HTML. 
JavaScript, ColdFusion and SQL 
Server on OS/390, MVS/ESA 
and Windows NT platforms. 
Require: Bachelor's degree in 
Computer Science/Engineering, 
Business Administration, or a 
closely related field with five 
years of progressively responsible 
experience in the job offered 
or as a Programmer/Analyst 
Competitive salary offered. Send 
resume to: Debra L. Crow, 
Citibank Universal Card Services 
8787 Baypine road, Jacksonville 
FL 32256; Attn: Job RV. 


SOFTWARE CONSULTANT 
(Atlanta, GA) - Lead & direct 
application dvipmnt projects. Re- 
view & analyze business needs 
& design integrated solutions to 
complex application problems. 
Work in UNIX & Windows NT 
mainframe environments using 
Oracle, C++, Visual Basic & 
PeopleSoft tools. Perform project 
mgmt, analysis, design, coding, 
testing & maintenance of appli- 
cations to support user req's. 
Ensure sound program logic & 
perform post implementation 
review to ensure all req's are 
met. Provide internal application 
support by providing tech & 
consulting services. Req's: Mas- 
ter's degree in Comp Sci, Math 
or Engineering & 1 yr exp in job 
offered or 1 yr related industry 
exp as a Programmer, Applica- 
tions Developer or Consultant, 
including working with Oracie, 
C++, Visual Basic & PeopleSoft 
under UNIX or Windows NT 
environments. 40hrs/wk; M-F 
Yam-5pm; 65,521/yr. Apply in 
person or send 2 resumesi/Itr of 
qualifications to North Metro, 
Job Order # GA 7048811, 2943 
N. Druid Hills Rd, Atlanta, GA 
30359-0773 or the nearest Dept 
of Labor Field Service Office for 
referral to employer 


Computer Programmer/Analyst 
$42,984/Yr. BS in computer Sci- 
ence or similar disciplines such 
as Engineering, Mathematics, or 
Math-Science, etc. or equivalent 
by evaluation of exp. & educ. (3 
yrs exp = 1 yr college). 20% time 
per year traveling in the US. 3+ 
openings. Design and develop 
database using knowledge of 
Programming techniques and 
computer languages. Analyze 
requirements, procedures and 
problems to automate processing 
and improve existing computer 
systems. Design and implement 
application softwares which 
interface with database system 
and client/server architectured 
software system. Formulate 
specifications outlining steps to 
develop programs required by 
users. Develop graphical interface 
programming and communication 
protocol for client/server appli- 
cation. Write documentation for 
program development and man- 
ual for users. Maintain existing 
software applications. Perform 
bug fix/feature enhancement 
and provide system support for 
clients. Apply at the Texas Work- 
force Commission, Houston, TX 
or send resume to the Texas 
Workforce Commission, 1117 
Trinity, Room 424T, Austin 
TX 78701, JO#TX1102456, 
#1102457, and #1102458. 


Software Engineer 


Design and develop software 
systems, including server 
middieware and client portions 
Min. req. BA or BS in Computer 
Science or related plus 3 
yrs IT/related experience; or 
Master's degree in same. 40 
hrs/wk, $75k/yr. 

Must have proof of legai authority 
to work in the United States 
Send your resume to the lowa 
Workforce Center, 1700 S.1st 
Ave. - Suite 11B. Please refer to 
job order 1A1101497. Employer 
paid advertisement. 


Sr. Business Analyst 
San Diego Area 


IFS North America, Inc. has 
an open position to provide en 
terprise application implementa- 
tions from business process 
modeling through final installation 
inci customer training. Background 
in relational database design 
object modeling & PL/SQL skills 
req'd. An MBA & 5 yrs exp or a 
BA plus 7 yrs exp in Mfg or Eng 
field as Business Analyst, Post- 
Sales Consultant or Project Man- 
ager. 50% travel w/in Western 
US req'd. Fax resume to (520) 
512-2530. EOE 
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Cardinal Systems Group, Inc 


Multiple openings for IT positions 
in Kansas City, Missouri; Frederick, 
Maryland; and Bloomington, 
Iilinois: Senior Programmer/ 
Analysts, Programmer/Analysts, 
Software Engineers, Web Appli- 
cations Developers, Database 
Analysts/Administrators. Positions 
available at Bachelor of Science 
or Master of Science degree level 
(or equivalent) with 1-5 years of 
experience. Please indicate 
specific title and location of job 
for which your are applying on 
your application letter. Submit 
this ad, cover letter and resume 
to: Steven Lamberson, 211 W. 
Patrick Street, Frederick, MD 
21701 


Software Engineer needed 
Seeking qualified Senior or 
mid-level applicants possessing 
MS/BS or equivalent and relevant 
work experience. Experience 
with Retail Systems a definite 
Plus. Duties include: Analyzing, 
designing and developing 
software systems: coding and 
testing applications. Work with 2 
or more of the following: COBOL, 
CICS, DB2, JCL and REXX. Mail 
resume to RPM Consultants 
Inc., 79 Northumberland Road, 
Pittsfield, MA 01201 


Talent is 
the fuel of 
the new 
economy. 


Fill up 
with 
ITcareers. 


IT careers and 
IT careers.com 
can put your 
message in front 
of 2/3 of all US 
IT professionals. 
If you want to 
make hires, 
make your way 
into our pages. 
Call Janis 
Crowley at 
1-800-762-2977 
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Enron 


keep the systems running,” 
Walker added. 

After receiving bankruptcy 
court approval for the deal, 
UBS Warburg will 
control of Enron’s online trad- 


ing operations, including the | 


trading facility’s vast IT infra- 
structure. 

According to Walker, the in- 
vestment bank is looking to re- 
establish the Enron gas and 
electric trading business using 
what it believes to be the gold 
standard for IT infrastructures 
in the world of online ex- 
changes. 


EnronOnline is no small op- | 


eration. The deal involves 
thousands of Compaq Com- 
puter Corp. PCs, Sun Mi- 
crosystems Inc. Unix 
and third-party software li- 
censes from Microsoft Corp., 
Oracle Corp. and Tibco Soft- 
ware Inc., among others. UBS 
Warburg, the investment bank- 


ing arm of Swiss bank UBS AG, | 


will license the proprietary 
software developed by Enron 
for the trading operation and 
receive the source and object 
codes for that software. 


ANice Deal 
UBS Warburg will also gain 
rights to the patents Enron has 


filed relating to the functional- | 


ity that allows a single user to 
buy and sell with multiple 
counterparts, as well as its au- 
tomated trading capabilities. 
Not a bad bet, considering 
that the move will cost UBS lit- 
tle. It will pay for the opera- 
tion, the licenses to use En- 
ron’s proprietary software and 
the office space to house the 
facilities out of its profits for 


the next decade. In return, En- | 


ron will net 33% of the profits 
generated by the new trading 
entity for the first year, with 
that figure dropping to 22% 
and then 11% in coming years. 
But UBS must woo back 
shaken traders who have fled 


assume 


farms | 





to rival exchanges in recent 


weeks — and that’s no easy | 


sell. “Infrastructure’s only as 


good as what you do with it, | 


and nobody’s using Enron 
these days,” said Rob Schaffer, 
an analyst at Meta Group Inc. 
in Stamford, Conn. 

He added that taking over 
this type of operation was a 
“staggering” IT job — one that 


Enron itself probably could no | 


longer afford. “You’ve got on- 


going software licenses, main- | 


tenance contracts and the cost 


to house all these systems,” he |z 


said. “It costs money just sit- 
ting there. 

The contract contains a pro- 
vision for UBS to deduct up to 


$20 million from its royalty | : 
| return to EnronOnline. 


payments to cover the costs of 
building additional infrastruc- 
ture, paying fees for transfer- 
ring third-party software li- 
censes and establishing a dis- 
aster recovery facility. 

This year, UBS will use En- 





UBS WARBURG will be hard- 


pressed to get energy traders 
like these at Duke Energy to 


Texas, rent-free. After that, it | 


has the option of leasing the fa- 


| cility or using another. 


As part of the yearlong tran- 


| sition, Enron will assist with 
| data networks, active directo- 
ron’s data center in Ardmore, | 


ries, domain management, 





e-mail, voice mail and on-call | 
| support, though UBS will take | 
steps to separate the trading | 
operation and maintain infor- | 


mation security. 
UBS Warburg will also as- 


sume the EnronOnline domain | 


name. 


James Walker, an analyst at | 


Forrester Research Inc. in 


Cambridge, Mass., said he be- | 
lieves that all of Enron’s tech- | 


nology is likely to end up on 
eBay unless UBS pays to keep 
the intellectual capital of En- 
ron’s employee base in order to 


| make the operation succeed. 

“You're a star performer, and | 
| you knew you were working 
| for the best team,” he said. “Are 


you still working for the best 


team? At this point, those peo- | 


ple are critical.” 


To move ahead with the 


| deal, UBS Warburg must first 
and | 


get antitrust clearance 
permission to operate from the 
Federal Energy Regulatory 
Commission before it can 


Enron Bankruptcy Case Highlights E-Mail’s Lasting Trail 


E-mails are messy entities, leaving 
little bits of themselves all over the 
network. That's why the attempts of 
employees in the Houston office of 
Arthur Andersen LLC to delete 
e-mails related to failed commodities 
exchange Enron were futile, 

“It is impossible that [congres- 
sional investigators] cannot find 
data on those hard drives. There are 
too many computers involved,” said 
Michael Sanders, a computer foren- 
sics expert who specializes in e-mail 
recovery at New Technologies Inc. in 
Gresham, Ore. “[They] will find 
enough information to make a story.” 

As e-mail travels through the 
network, it leaves bits, and some- 
times entire copies of itself, that 
aren't affected when the Delete 
button is hit. And that doesn’t even 
take into account the e-mail rem- 
nants left on users’ hard drives or the 
periodic backups made of the server 
contents. 

According to published reports, 
Andersen acknowledges that in 
October and November, its employ- 





ees deleted e-mails related to their 
work as accountants and auditors 
for Enron. 

While e-mail servers and applica- 
tions vary in how they move and 
store electronic messages, all of 
them hoard information on hard dri- 
ves in the same way if they're run- 
ning on Windows-based PCs, Sand- 
ers said. He added that Lotus Notes 
is a particularly easy program from 
which to recover deleted messages. 

Arthur Andersen uses e-mail soft- 
ware and servers from IBM's Cam- 
bridge, Mass.-based Lotus Software 
Group subsidiary, according to Lotus 
CEO Al Zollar. At a conference last 
spring, he discussed the possibility 
that Lotus might lose Andersen as a 
client. 

Lotus declined an offer to com- 
ment for this story. Representatives 
for the other companies didn’t return 
calls. 

According to John Korsak, prod- 
uct manager for Lexington, Mass.- 
based Ipswitch Inc.'s IMail Server, a 
few firewalls are even configured to 





log information about e-mail passing 
in and out. For POPS e-mail, the 
message spools to a temporary file 
on the e-mail server while it’s being 
accepted. Though it may stay there 
for only a millisecond, Sanders said, 
a message can get stuck in spools, 
bouncing around from directory to 
directory. 

Enron was using Ipswitch’'s |Mail 
server, according to a list of technol- 
ogy assets sold to UBS Warburg, the 
investment banking arm of Swiss 
bank UBS AG, as part of Enron's 
bankruptcy proceedings. 

Sendmail, a freeware application 
that is the most common mail trans- 
fer agent (MTA), also records a log 
of all the header information for each 
e-mail that passes through a server. 
Once the MTA assigns the message 
to a directory on a server, it may be 
backed up to a storage tape. After a 
user downloads the message from 
the server, it sits in the in-box view 
until it’s deleted. From there, it goes 
to the deleted files view, and if delet- 
ed from there, it is simply removed 





restart the exchange, a process 
that could take up to a month, 
though there’s no firm time- 
table, said Walker. 

Despite UBS’s solid finan- 
cial reputation, it will likely 
face skepticism in the energy 
trading market, Gale 
Daikoku, an analyst for Stam- 
ford, Conn.-based Gartner 
Inc.’s GartnerG2 service. One 
upside is that Enron is consid- 
ered the most established com- 
pany in the business, and the 
competitors for the new entity 
| still find themselves in start-up 
| mode, she noted. 

Meta’s Schaffer questioned 
whether online trading will 
prove much of a business for 

| anyone, but he praised UBS 
Warburg for its move. 

“From UBS’s | standpoint, 
you're on the edge of this cata- 
strophe,” he said. “Why not 
step in and take the IT re- 
sources? No one’s looking at IT 
| in something like this, and it is- 

n't costing them a penny.” D 


said 


sage is still in the application and re- 
mains there until it's marked as free 
space by a process known as com- 
pression, or archiving in Notes. The 
message remains until the applica- 
tion overwrites it with a new mes- 
sage, which could take weeks or 
months. 

Even then, it will still remain, in 
part or in whole, on the hard drive in 
what are known as swap files. If an 
end user copied the e-mail to remov- 
able media, like a floppy disk, the 
registry would have a record of that 
activity. 

And with Web-based e-mail, the 
messages would be in the temporary 
files, even if deleted, until that space 
is overwritten. 

If nowhere else, the data is almost 
certainly on the hard drive, Sanders 
said. “As an administrator, that 
would be the first place I'd look,” he 
added. 


from the user's display. But the mes- | 


For a graphical 


- Jennifer DiSabatino 
depiction of the 
e-mail trail, go to 


ick 
aes our Web site: 


www.computerworld.com/q?a1520 
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Swat the Buffer Bugs 


ERE’S HOW A BUFFER OVERFLOW attack happens: 

A cracker acquires a popular piece of Internet-related 

software, such as a Web server or an instant messaging 

client, and analyzes the code. It’s pretty easy to find 

the input buffers, where anyone on the Net can send a 
string of data into the system. And it’s also pretty easy to find the 
code that feeds that data into each buffer. If that code doesn’t limit 
the length of the data string, the cracker knows he has a foolproof 


way into the system. 


Or maybe the cracker just tries the brute-force approach, feeding 


the software a random string that’s very, very 
long. If the software accepts it all, he’s in. 

Then the cracker writes a program to take 
over any computer running the vulnerable soft- 
ware and embeds it in a very, very long data 
string. He feeds it to likely candidate machines 
across the Net. Some of them will be running 
the software with the buffer overflow bug. The 
software on each of those machines unhesitat- 
ingly accepts the cracker’s very, very long 
string, which overflows the buffer and keeps 
filling up the computer’s memory until it over- 
writes the program stack. And as soon as the 
data input routine is finished, the cracker’s code 
has taken control of the machine. 

It’s that simple. There’s no real guesswork 
involved, because the cracker can test and re- 
fine his attack code on exactly the same right- 
out-of-the-box software he knows a lot of 
servers will be running. And there’s no random 
risk of failure, as there is with e-mail worms 
that depend on a user opening an attachment. If 
the buffer bug hasn’t been patched, the attack 
will succeed. 

Now, here’s how a buffer overflow attack is 
prevented: The software vendor’s 
programmers make sure their 
buffer input code limits how much 
data the buffer takes in, so any very, 
very long string is cut short and 
can’t take over a computer by over- 
running the buffer. 

Yeah, that is a lot simpler than 
what the cracker goes through. And 
it’s even more foolproof than the 
cracker’s attack. 

And it doesn’t take a crew of pro- 
gramming geniuses to make sure in- 
put buffers don’t overflow, either — 
just coders who take care to write 
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their buffer code correctly, and code reviewers 
who pay special attention to making sure that 
code is right. 

So let’s review: Buffer overflow attacks are 
very, very effective. And buffer overflow attacks 
are also very, very easy to prevent. 

So why do buffer bugs still exist? Answer: 
They shouldn’t. There’s no reason — none, 
nada, zilch — that any piece of software should 
ever have this kind of hole. Not commercial 
software, not custom code, not even the quick 
hacks that systems administrators slap together 
to crank through routine tasks. 

This bug is so easy to avoid and so dangerous 
when it exists that you’d think it would be a 
nonissue. It should be extinct, or at least so 
very, very rare that it would hardly ever pose 
a threat. 

Instead, buffer bugs are showing up every- 
where these days. Microsoft’s Windows XP, 
AOL Instant Messenger, Sun Solaris — we’re 
hearing about buffer attacks on every kind of 
widely used software that connects to the Net. 

Some of the vulnerabilities are in new soft- 
ware, but some have been there for years. That’s 
right: The bad guys are actually re- 
searching old buffer bugs — that’s 
how popular this kind of attack is 
about to become. 

If 2001 was the year of the e-mail 
worm, 2002 looks like the year of 
the buffer overflow. 

So check your systems, old and 
new. Apply every new patch a ven- 
dor issues for a buffer overflow vul- 
nerability — and make sure every 
old patch for buffer bugs has also 
been applied. Make it priority No. 1. 

Otherwise, this could be a very, 
very long year. D 





| 
| 
| 





WHEN A HIGHLY unusual ice 
storm hits this phone-support 
center in a Southern city, the 
phones go out at 10:15 a.m., a 
pilot fish reports; power goes at 
10:45. But two hours later, boss 
still won't let the staff go home. 
His logic: “Our California custo- 
mers aren't dealing with an ice 
storm, so they'll be at work trying 
to call us.” 


BOSS'S LAPTOP screen has 
been gradually getting dimmer 
for a while, but now it’s gone 
completely black. “We'll have to 
send it in to be serviced and 
maybe order a new laptop for 
you,” says tech pilot fish. But 
boss balks. “Can't you just 
change the bulb?” 


SEVERAL MONTHS after IT pi- 
lot fish installs a new inventory- 
tracking system, the plant super- 
visor complains that inventory 
records are consistently wrong. 
Fish investigates and finds that 
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users aren't strictly following the 
written data-entry procedures 
the fish has specified. “| know 
they aren't following proce- 
dures,” supervisor says. “But | 
didn’t want to force them until 
the data was more accurate.” 


VP OF R&D asks pilot fish to 
evaluate digital cameras to use 
for photographing products. 
When it’s time to present his re- 
sults to company owners, fish 
brings in his own digital camera 
to demonstrate. “Where do you 
put in the film?” one owner asks. 
Says fish: “It's a digital camera.” 
Owner: “We'd better not pur- 
chase one right now, in that case, 
since neither of us knows where 
to get digital film developed.” 


Digitize your story: sharky@ 
computerworld.com. You get 
a sharp Shark shirt if your true 
tale of IT life sees print - or if it 
shows up in the daily feed at 
computerworld.com/sharky. 


The 5th Wave 


“Slackware does a lot of Great things, 


I'm just not sure runni 


a word 


Processing program sideways without 
line breaks on butchers paper is one 
of them.” 





Has too much data put you ina ba-a-ad mood? Store Smarter.” 


4Péhive 


Active Archive Solutions” The intelligent way to optimize database performance. 

Tight budgets and an even tighter database. Feeling squeezed? Well, while everyone else is buying more hardware, 
the smart ones Store Smarter with Princeton Softech’s Active Archive Solutions” Active archiving sets aside 
infrequently used data to make room in your database, yet keeps it “active” for easy access. It’s the cost-effective 
way to reduce database overload and improve performance. So give yourself some space. 

Store Smarter. Call 800.457.7060 or visit www.storesmarter.com. 
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Oracle Database Clusters 


Unbreakable 


, = Won't go down if your server fails. 
Can't break it ‘ eet ae 
Won't go down if your site fails. 


14 International security certifications. 
IBM DB2 has none. Even MS SQL Server has one. 


Can’‘t break in 


ORACLE 


oracle.com/clusters 
or call 1.800.633.1062 








